- •Cloud Computing
- •Foreword
- •Preface
- •Introduction
- •Expected Audience
- •Book Overview
- •Part 1: Cloud Base
- •Part 2: Cloud Seeding
- •Part 3: Cloud Breaks
- •Part 4: Cloud Feedback
- •Contents
- •1.1 Introduction
- •1.1.1 Cloud Services and Enabling Technologies
- •1.2 Virtualization Technology
- •1.2.1 Virtual Machines
- •1.2.2 Virtualization Platforms
- •1.2.3 Virtual Infrastructure Management
- •1.2.4 Cloud Infrastructure Manager
- •1.3 The MapReduce System
- •1.3.1 Hadoop MapReduce Overview
- •1.4 Web Services
- •1.4.1 RPC (Remote Procedure Call)
- •1.4.2 SOA (Service-Oriented Architecture)
- •1.4.3 REST (Representative State Transfer)
- •1.4.4 Mashup
- •1.4.5 Web Services in Practice
- •1.5 Conclusions
- •References
- •2.1 Introduction
- •2.2 Background and Related Work
- •2.3 Taxonomy of Cloud Computing
- •2.3.1 Cloud Architecture
- •2.3.1.1 Services and Modes of Cloud Computing
- •Software-as-a-Service (SaaS)
- •Platform-as-a-Service (PaaS)
- •Hardware-as-a-Service (HaaS)
- •Infrastructure-as-a-Service (IaaS)
- •2.3.2 Virtualization Management
- •2.3.3 Core Services
- •2.3.3.1 Discovery and Replication
- •2.3.3.2 Load Balancing
- •2.3.3.3 Resource Management
- •2.3.4 Data Governance
- •2.3.4.1 Interoperability
- •2.3.4.2 Data Migration
- •2.3.5 Management Services
- •2.3.5.1 Deployment and Configuration
- •2.3.5.2 Monitoring and Reporting
- •2.3.5.3 Service-Level Agreements (SLAs) Management
- •2.3.5.4 Metering and Billing
- •2.3.5.5 Provisioning
- •2.3.6 Security
- •2.3.6.1 Encryption/Decryption
- •2.3.6.2 Privacy and Federated Identity
- •2.3.6.3 Authorization and Authentication
- •2.3.7 Fault Tolerance
- •2.4 Classification and Comparison between Cloud Computing Ecosystems
- •2.5 Findings
- •2.5.2 Cloud Computing PaaS and SaaS Provider
- •2.5.3 Open Source Based Cloud Computing Services
- •2.6 Comments on Issues and Opportunities
- •2.7 Conclusions
- •References
- •3.1 Introduction
- •3.2 Scientific Workflows and e-Science
- •3.2.1 Scientific Workflows
- •3.2.2 Scientific Workflow Management Systems
- •3.2.3 Important Aspects of In Silico Experiments
- •3.3 A Taxonomy for Cloud Computing
- •3.3.1 Business Model
- •3.3.2 Privacy
- •3.3.3 Pricing
- •3.3.4 Architecture
- •3.3.5 Technology Infrastructure
- •3.3.6 Access
- •3.3.7 Standards
- •3.3.8 Orientation
- •3.5 Taxonomies for Cloud Computing
- •3.6 Conclusions and Final Remarks
- •References
- •4.1 Introduction
- •4.2 Cloud and Grid: A Comparison
- •4.2.1 A Retrospective View
- •4.2.2 Comparison from the Viewpoint of System
- •4.2.3 Comparison from the Viewpoint of Users
- •4.2.4 A Summary
- •4.3 Examining Cloud Computing from the CSCW Perspective
- •4.3.1 CSCW Findings
- •4.3.2 The Anatomy of Cloud Computing
- •4.3.2.1 Security and Privacy
- •4.3.2.2 Data and/or Vendor Lock-In
- •4.3.2.3 Service Availability/Reliability
- •4.4 Conclusions
- •References
- •5.1 Overview – Cloud Standards – What and Why?
- •5.2 Deep Dive: Interoperability Standards
- •5.2.1 Purpose, Expectations and Challenges
- •5.2.2 Initiatives – Focus, Sponsors and Status
- •5.2.3 Market Adoption
- •5.2.4 Gaps/Areas of Improvement
- •5.3 Deep Dive: Security Standards
- •5.3.1 Purpose, Expectations and Challenges
- •5.3.2 Initiatives – Focus, Sponsors and Status
- •5.3.3 Market Adoption
- •5.3.4 Gaps/Areas of Improvement
- •5.4 Deep Dive: Portability Standards
- •5.4.1 Purpose, Expectations and Challenges
- •5.4.2 Initiatives – Focus, Sponsors and Status
- •5.4.3 Market Adoption
- •5.4.4 Gaps/Areas of Improvement
- •5.5.1 Purpose, Expectations and Challenges
- •5.5.2 Initiatives – Focus, Sponsors and Status
- •5.5.3 Market Adoption
- •5.5.4 Gaps/Areas of Improvement
- •5.6 Deep Dive: Other Key Standards
- •5.6.1 Initiatives – Focus, Sponsors and Status
- •5.7 Closing Notes
- •References
- •6.1 Introduction and Motivation
- •6.2 Cloud@Home Overview
- •6.2.1 Issues, Challenges, and Open Problems
- •6.2.2 Basic Architecture
- •6.2.2.1 Software Environment
- •6.2.2.2 Software Infrastructure
- •6.2.2.3 Software Kernel
- •6.2.2.4 Firmware/Hardware
- •6.2.3 Application Scenarios
- •6.3 Cloud@Home Core Structure
- •6.3.1 Management Subsystem
- •6.3.2 Resource Subsystem
- •6.4 Conclusions
- •References
- •7.1 Introduction
- •7.2 MapReduce
- •7.3 P2P-MapReduce
- •7.3.1 Architecture
- •7.3.2 Implementation
- •7.3.2.1 Basic Mechanisms
- •Resource Discovery
- •Network Maintenance
- •Job Submission and Failure Recovery
- •7.3.2.2 State Diagram and Software Modules
- •7.3.3 Evaluation
- •7.4 Conclusions
- •References
- •8.1 Introduction
- •8.2 The Cloud Evolution
- •8.3 Improved Network Support for Cloud Computing
- •8.3.1 Why the Internet is Not Enough?
- •8.3.2 Transparent Optical Networks for Cloud Applications: The Dedicated Bandwidth Paradigm
- •8.4 Architecture and Implementation Details
- •8.4.1 Traffic Management and Control Plane Facilities
- •8.4.2 Service Plane and Interfaces
- •8.4.2.1 Providing Network Services to Cloud-Computing Infrastructures
- •8.4.2.2 The Cloud Operating System–Network Interface
- •8.5.1 The Prototype Details
- •8.5.1.1 The Underlying Network Infrastructure
- •8.5.1.2 The Prototype Cloud Network Control Logic and its Services
- •8.5.2 Performance Evaluation and Results Discussion
- •8.6 Related Work
- •8.7 Conclusions
- •References
- •9.1 Introduction
- •9.2 Overview of YML
- •9.3 Design and Implementation of YML-PC
- •9.3.1 Concept Stack of Cloud Platform
- •9.3.2 Design of YML-PC
- •9.3.3 Core Design and Implementation of YML-PC
- •9.4 Primary Experiments on YML-PC
- •9.4.1 YML-PC Can Be Scaled Up Very Easily
- •9.4.2 Data Persistence in YML-PC
- •9.4.3 Schedule Mechanism in YML-PC
- •9.5 Conclusion and Future Work
- •References
- •10.1 Introduction
- •10.2 Related Work
- •10.2.1 General View of Cloud Computing frameworks
- •10.2.2 Cloud Computing Middleware
- •10.3 Deploying Applications in the Cloud
- •10.3.1 Benchmarking the Cloud
- •10.3.2 The ProActive GCM Deployment
- •10.3.3 Technical Solutions for Deployment over Heterogeneous Infrastructures
- •10.3.3.1 Virtual Private Network (VPN)
- •10.3.3.2 Amazon Virtual Private Cloud (VPC)
- •10.3.3.3 Message Forwarding and Tunneling
- •10.3.4 Conclusion and Motivation for Mixing
- •10.4 Moving HPC Applications from Grids to Clouds
- •10.4.1 HPC on Heterogeneous Multi-Domain Platforms
- •10.4.2 The Hierarchical SPMD Concept and Multi-level Partitioning of Numerical Meshes
- •10.4.3 The GCM/ProActive-Based Lightweight Framework
- •10.4.4 Performance Evaluation
- •10.5 Dynamic Mixing of Clusters, Grids, and Clouds
- •10.5.1 The ProActive Resource Manager
- •10.5.2 Cloud Bursting: Managing Spike Demand
- •10.5.3 Cloud Seeding: Dealing with Heterogeneous Hardware and Private Data
- •10.6 Conclusion
- •References
- •11.1 Introduction
- •11.2 Background
- •11.2.1 ASKALON
- •11.2.2 Cloud Computing
- •11.3 Resource Management Architecture
- •11.3.1 Cloud Management
- •11.3.2 Image Catalog
- •11.3.3 Security
- •11.4 Evaluation
- •11.5 Related Work
- •11.6 Conclusions and Future Work
- •References
- •12.1 Introduction
- •12.2 Layered Peer-to-Peer Cloud Provisioning Architecture
- •12.4.1 Distributed Hash Tables
- •12.4.2 Designing Complex Services over DHTs
- •12.5 Cloud Peer Software Fabric: Design and Implementation
- •12.5.1 Overlay Construction
- •12.5.2 Multidimensional Query Indexing
- •12.5.3 Multidimensional Query Routing
- •12.6 Experiments and Evaluation
- •12.6.1 Cloud Peer Details
- •12.6.3 Test Application
- •12.6.4 Deployment of Test Services on Amazon EC2 Platform
- •12.7 Results and Discussions
- •12.8 Conclusions and Path Forward
- •References
- •13.1 Introduction
- •13.2 High-Throughput Science with the Nimrod Tools
- •13.2.1 The Nimrod Tool Family
- •13.2.2 Nimrod and the Grid
- •13.2.3 Scheduling in Nimrod
- •13.3 Extensions to Support Amazon’s Elastic Compute Cloud
- •13.3.1 The Nimrod Architecture
- •13.3.2 The EC2 Actuator
- •13.3.3 Additions to the Schedulers
- •13.4.1 Introduction and Background
- •13.4.2 Computational Requirements
- •13.4.3 The Experiment
- •13.4.4 Computational and Economic Results
- •13.4.5 Scientific Results
- •13.5 Conclusions
- •References
- •14.1 Using the Cloud
- •14.1.1 Overview
- •14.1.2 Background
- •14.1.3 Requirements and Obligations
- •14.1.3.1 Regional Laws
- •14.1.3.2 Industry Regulations
- •14.2 Cloud Compliance
- •14.2.1 Information Security Organization
- •14.2.2 Data Classification
- •14.2.2.1 Classifying Data and Systems
- •14.2.2.2 Specific Type of Data of Concern
- •14.2.2.3 Labeling
- •14.2.3 Access Control and Connectivity
- •14.2.3.1 Authentication and Authorization
- •14.2.3.2 Accounting and Auditing
- •14.2.3.3 Encrypting Data in Motion
- •14.2.3.4 Encrypting Data at Rest
- •14.2.4 Risk Assessments
- •14.2.4.1 Threat and Risk Assessments
- •14.2.4.2 Business Impact Assessments
- •14.2.4.3 Privacy Impact Assessments
- •14.2.5 Due Diligence and Provider Contract Requirements
- •14.2.5.1 ISO Certification
- •14.2.5.2 SAS 70 Type II
- •14.2.5.3 PCI PA DSS or Service Provider
- •14.2.5.4 Portability and Interoperability
- •14.2.5.5 Right to Audit
- •14.2.5.6 Service Level Agreements
- •14.2.6 Other Considerations
- •14.2.6.1 Disaster Recovery/Business Continuity
- •14.2.6.2 Governance Structure
- •14.2.6.3 Incident Response Plan
- •14.3 Conclusion
- •Bibliography
- •15.1.1 Location of Cloud Data and Applicable Laws
- •15.1.2 Data Concerns Within a European Context
- •15.1.3 Government Data
- •15.1.4 Trust
- •15.1.5 Interoperability and Standardization in Cloud Computing
- •15.1.6 Open Grid Forum’s (OGF) Production Grid Interoperability Working Group (PGI-WG) Charter
- •15.1.7.1 What will OCCI Provide?
- •15.1.7.2 Cloud Data Management Interface (CDMI)
- •15.1.7.3 How it Works
- •15.1.8 SDOs and their Involvement with Clouds
- •15.1.10 A Microsoft Cloud Interoperability Scenario
- •15.1.11 Opportunities for Public Authorities
- •15.1.12 Future Market Drivers and Challenges
- •15.1.13 Priorities Moving Forward
- •15.2 Conclusions
- •References
- •16.1 Introduction
- •16.2 Cloud Computing (‘The Cloud’)
- •16.3 Understanding Risks to Cloud Computing
- •16.3.1 Privacy Issues
- •16.3.2 Data Ownership and Content Disclosure Issues
- •16.3.3 Data Confidentiality
- •16.3.4 Data Location
- •16.3.5 Control Issues
- •16.3.6 Regulatory and Legislative Compliance
- •16.3.7 Forensic Evidence Issues
- •16.3.8 Auditing Issues
- •16.3.9 Business Continuity and Disaster Recovery Issues
- •16.3.10 Trust Issues
- •16.3.11 Security Policy Issues
- •16.3.12 Emerging Threats to Cloud Computing
- •16.4 Cloud Security Relationship Framework
- •16.4.1 Security Requirements in the Clouds
- •16.5 Conclusion
- •References
- •17.1 Introduction
- •17.1.1 What Is Security?
- •17.2 ISO 27002 Gap Analyses
- •17.2.1 Asset Management
- •17.2.2 Communications and Operations Management
- •17.2.4 Information Security Incident Management
- •17.2.5 Compliance
- •17.3 Security Recommendations
- •17.4 Case Studies
- •17.4.1 Private Cloud: Fortune 100 Company
- •17.4.2 Public Cloud: Amazon.com
- •17.5 Summary and Conclusion
- •References
- •18.1 Introduction
- •18.2 Decoupling Policy from Applications
- •18.2.1 Overlap of Concerns Between the PEP and PDP
- •18.2.2 Patterns for Binding PEPs to Services
- •18.2.3 Agents
- •18.2.4 Intermediaries
- •18.3 PEP Deployment Patterns in the Cloud
- •18.3.1 Software-as-a-Service Deployment
- •18.3.2 Platform-as-a-Service Deployment
- •18.3.3 Infrastructure-as-a-Service Deployment
- •18.3.4 Alternative Approaches to IaaS Policy Enforcement
- •18.3.5 Basic Web Application Security
- •18.3.6 VPN-Based Solutions
- •18.4 Challenges to Deploying PEPs in the Cloud
- •18.4.1 Performance Challenges in the Cloud
- •18.4.2 Strategies for Fault Tolerance
- •18.4.3 Strategies for Scalability
- •18.4.4 Clustering
- •18.4.5 Acceleration Strategies
- •18.4.5.1 Accelerating Message Processing
- •18.4.5.2 Acceleration of Cryptographic Operations
- •18.4.6 Transport Content Coding
- •18.4.7 Security Challenges in the Cloud
- •18.4.9 Binding PEPs and Applications
- •18.4.9.1 Intermediary Isolation
- •18.4.9.2 The Protected Application Stack
- •18.4.10 Authentication and Authorization
- •18.4.11 Clock Synchronization
- •18.4.12 Management Challenges in the Cloud
- •18.4.13 Audit, Logging, and Metrics
- •18.4.14 Repositories
- •18.4.15 Provisioning and Distribution
- •18.4.16 Policy Synchronization and Views
- •18.5 Conclusion
- •References
- •19.1 Introduction and Background
- •19.2 A Media Service Cloud for Traditional Broadcasting
- •19.2.1 Gridcast the PRISM Cloud 0.12
- •19.3 An On-demand Digital Media Cloud
- •19.4 PRISM Cloud Implementation
- •19.4.1 Cloud Resources
- •19.4.2 Cloud Service Deployment and Management
- •19.5 The PRISM Deployment
- •19.6 Summary
- •19.7 Content Note
- •References
- •20.1 Cloud Computing Reference Model
- •20.2 Cloud Economics
- •20.2.1 Economic Context
- •20.2.2 Economic Benefits
- •20.2.3 Economic Costs
- •20.2.5 The Economics of Green Clouds
- •20.3 Quality of Experience in the Cloud
- •20.4 Monetization Models in the Cloud
- •20.5 Charging in the Cloud
- •20.5.1 Existing Models of Charging
- •20.5.1.1 On-Demand IaaS Instances
- •20.5.1.2 Reserved IaaS Instances
- •20.5.1.3 PaaS Charging
- •20.5.1.4 Cloud Vendor Pricing Model
- •20.5.1.5 Interprovider Charging
- •20.6 Taxation in the Cloud
- •References
- •21.1 Introduction
- •21.2 Background
- •21.3 Experiment
- •21.3.1 Target Application: Value at Risk
- •21.3.2 Target Systems
- •21.3.2.1 Condor
- •21.3.2.2 Amazon EC2
- •21.3.2.3 Eucalyptus
- •21.3.3 Results
- •21.3.4 Job Completion
- •21.3.5 Cost
- •21.4 Conclusions and Future Work
- •References
- •Index
306 |
K.W.S. Morrison |
SOA builds on earlier formalized approaches to distributed application development and integration, and indeed contributes to other emerging methodologies [29]. Arguably, it is the most successful paradigm for large-scale application development among heterogeneous systems. Cloud applications are borrowing heavily from SOA methodologies and philosophical stance [12], so clearly successful technological solutions developed under SOA are worthy of consideration for migration to cloud architectures [14]. Indeed, many of the security challenges solved by SOA architects now appear in cloud deployment [20].
The enforcement of policy governing access to services – which at its simplest covers only authentication, authorization, and audit – can be complex to implement because of the diversity in application platforms and architecture. Thus, the best practice for policy enforcement is to decouple this from services. This strategy has a number of favorable outcomes. It allows for the consistent management and enforcement of policy across a broad spectrum of services; it offers the opportunity for reuse; it simplifies necessary integration with identity infrastructure; and finally it transcends limitations imposed by the existing languages and libraries. As a side effect, this approach allows modeling of policy as an aspect of an application or service module. This promotes a declarative approach to rule sets, offering responsive change and no direct coupling to compiled and linked application builds.
The purpose of this chapter is to propose the deployment of SOA PEPs into cloud environments as a means of providing a flexible and robust security and monitoring layer for cloud-based applications and data. It will specifically explore how differences between cloud environments and on-premise IT (the traditional deployment locale for SOA) affect the SOA PEP. Where appropriate, it will suggest ways to overcome issues caused by characteristic differences in the cloud environment.
This chapter will restrict its view to SOA PEPs used in intersystem communication, under application-layer protocols such as SOAP and the related WS-* embellishments. This is not to diminish the role of Web browser to server communications in cloud scenarios (indeed, at present this constitutes the bulk of the transaction volume in cloud computing). However, Web-oriented policy enforcement is largely a solved problem and the existing implementations transfer to cloud-based deployments with little challenge, as evidenced by the growing adoption among SaaS providers of security models based on SSL and SAML, OpenID, or OAuth. This chapter will instead acknowledge the increasing importance of application-to- application XML-based traffic in enterprise-centric cloud computing and focus on the specialized issues faced in governing these transactions both within cloud providers and across the public Internet.
18.2 Decoupling Policy from Applications
The capabilities and constraints of an architectural model drive the scope of the policy used to manage system entities residing in it. The Web, for example, benefited greatly from a highly constrained architectural model [9]. All resources can be addressed
18 Technologies for Enforcement and Distribution of Policy in Cloud Architectures |
307 |
through the URI [2]; this identifier is relatively unambiguous, visible, and inexpensive to parse within the HTTP. HTTP offers few options for identity claims and SSL provides a decoupled security layer protecting transmission. The high degree of constraint and rigor that defines the Web allows policy to consist of little more than confidentiality and integrity, authentication, authorization, and some audit – all elements that promote a clear separation between Web application and policy enforcement.
Web architecture is the basis of Web services. However, in contrast to its foundation, Web services are less constrained, vastly more complex, and suffer from an approach to standardization that is highly distributed. The basic processing and security models offer a breadth of scope that leaves considerable underspecification [17]. This has made implementation in application servers complex and prone to issues with interoperability.
In the SOA community, one approach to these challenges has been to separate security and monitoring functions into a PEP decoupled from the application services themselves. Policy, which is a concrete language for asserting the requirements that constitute the run time governance of services, is the logical place to accommodate the more diverse needs of Web services and to articulate a strict message-processing model for enforcement points. Policy enforcement thus takes on a much more significant role in facilitating service-oriented communications than for the conventional Web.
The canonical model for decoupled policy enforcement promotes a separation of concerns between the system entity responsible for enforcement, the Policy Enforcement Point (PEP), and the system entity responsible for decision-making, the Policy Decision Point (PDP), recognizing that the latter is often a centralized resource shared among many lightweight enforcement instances [30]. This has been well described in the context of Web applications [16], but the model is of similar value when applied to Web services transactions.
18.2.1 Overlap of Concerns Between the PEP and PDP
The essential tension in this model is between the desire to have centralized, authoritative decision-making and the practical need for distributed enforcement. The PDP requires visibility of key elements of a transaction to render decisions effectively; the PEP has full visibility, but it cannot practically relay this entire context to the PDP. Identity-centric PDPs should be in proximity to directories and serve as unambiguous authority for decision-making. To meet performance, security, and reliability demands, PEPs should reside with applications. The communication between PEPs and PDPs must reflect an optimization of data necessary to render an effective decision without significantly degrading transactional throughput. This has ramifications for cloud deployment.
In the conventional Web, the policy model segments cleanly because of the limited scope of policy in the architecture. Web PEPs are responsible for enforcing privacy and integrity expectations of policy locally; to escalate an access control
308 |
K.W.S. Morrison |
decision, the PEP simply bundles identity claims, intended actions, and target URI and relays this to a PDP.
Web services transactions, in contrast, blur the distinction between these system entities because a lot of the decision-making demands additional message context that is not practical for a PEP to relay to a central PDP. Thus, SOA PEPs retain considerable internal decision-making responsibility. This independence is a crucial factor when deploying into cloud-based environments, where communication with a centralized PDP (which may reside on-premises instead of within the cloud) could be impractical for reasons of security or latency. Distribution of authority comes at a cost of increased policy management and provisioning.
18.2.2 Patterns for Binding PEPs to Services
There are two common deployment patterns for PEPs: as agents, which integrate directly into the application container and as intermediaries, which are independent of the application container and often reside on a separate physical or virtual host. There are tradeoffs associated with each approach that have particular ramifications in the context of cloud deployment. The important consideration here is how to secure the point of interface between the PEP and the relying party service (which in general resides inside an application server container). This defines the trust model between these entities.
18.2.3 Agents
The agent-based model of PEP deployment uses a plug-in that integrates directly into the execution model of the application container. The point of interface is an application server API.
There are a number of reasons that make this strategy attractive. The tight binding between the PEP and the application server execution context means that validated identity claims can be propagated directly into the application, using technologies such as JAAS in Java application servers or thread impersonation in systems supporting a high degree of integration between OS and application server (such as Microsoft environments). Collapsing this into a single execution context trivially provides security and establishes trust across the last mile – the hop between the PEP and the application. Agents distribute security processing along with applications, thereby benefiting from scalability strategies associated with the application and avoiding potential security bottlenecks.
However, there are issues with this approach. The tight, code-level binding between PEP and application server has its own challenges. With the exception of the Java servlet filter API, there are no standardized and widely adopted interfaces to application server execution context. This implication is that organizations with a large number
18 Technologies for Enforcement and Distribution of Policy in Cloud Architectures |
309 |
of heterogeneous systems (including simple version and patch differences between like-servers) find agent-based PEPs difficult to deploy broadly and consistently.
In practice, this leads to a lowest-common-denominator approach to functionality in agents. For simple Web application agents, requiring little more from policy than authentication, authorization, and audit, this is sufficient; however, it has limited agent applicability for Web services PEPs, as these require advanced policy processing capabilities. Furthermore, introducing third-party code into application servers injects manageability risks. This has fostered a pejorative association with agents in the commercial marketplace, leading some vendors to explicitly promote their “agent-less” architecture.
The colocation of a PEP and an application server may be concealing other potential risks. Binding the PEP to a generalized application server install makes this critical security layer subject to the integrity of the underlying OS. Hardening modern operating systems is a complex and highly specialized task, and the best practices may be compromised to accommodate server needs or simply from a lack of appreciation of their importance. If an attacker successfully compromises the OS, the entire security model collapses, rendering the PEP superfluous.
Agents have been widely successful in conventional Web servers, both onpremise, in SaaS applications, and in generalized cloud deployment of Web applications. In these cases, HTTP servers tend to be monocultures, de-emphasizing diversity issues with the agent interface. The limited demands of Web policy also allow Web agents to be lightweight and simpler to package with server installations.
18.2.4 Intermediaries
The intermediary model delegates PEP processing to an independent unit that can simultaneously serve one or more downstream relying parties. It operates as a policy-driven reverse-proxy to these applications. The point of interface here consists of basic network (e.g. TCP) and application layer (e.g. HTTP) protocols. These of course benefit from standardization and widespread support – this maturity makes deployment essentially universal.
The conventional on-premise SOA deployment of PEP intermediaries consists of hardened, performance-optimized appliances that are physically separate from application servers. This model invests PEPs with a high degree of trust; they serve as an independent policy layer that fully gates all communications to and from less policy capable internal services. PEPs are tuned for high-performance processing of common traffic profiles, particularly XML-based transactions where significant benefit is realized by leveraging purpose-built acceleration chips for essential operations such as schema validation, transform, and query. Intermediary PEPs are rarely a performance bottleneck because of the vertical scalability benefits of such optimizations and the horizontal scalability potential that comes from placing additional units in parallel.