The management stack contains a range of linked capabilities that provide the ability to manage the service delivery layers. Typically, these are capabilities to whichimage the provider connects rather than the consumer. However, some of the reporting output from the management stack can appear in the service delivery layer and form the basis for information that the consumer can access.

The provider’s contact with the management layer goes through the same levels of authentication, authorization, and auditing as the consumer’s approach to the service delivery layer. Although you might expect that you should be able to trust your administrators more, their greater levels of control mean that you have to be more aware of what your administrators are up to and in consequence, can afford to trust them less.

Management Tools

The exact management tools that you use in a private cloud environment will depend on your organizational policy, operating system and virtualization platforms, training, and personal preference. Tools with specific security functionality cover the following capabilities:

  • Deployment and Provisioning Management
  • Capacity Management
  • Change and Configuration Management
  • Release and Deployment Management
  • Network Management
  • Fabric Management
  • Incident and Problem Management

Authentication, Authorization, Auditing and Role-Based Access Control

The management stack must fully integrate with the highest levels of authentication available within your private cloud environment. Typically, you would implement two-factor authentication alongside federation to identity-enable individual management applications within the cloud.

Management Isolation from User Data

In a fully service-oriented private or hybrid cloud implementation, you treat your organization’s business units as separate tenants. In consequence, your administrators are a separate tenant and access rights to other tenants’ data should be restricted.

In consequence, auditing for administrators must look for unexpected behaviors, such as changing permissions to give access to tenant resources. This response to such incidents (whether concerning administrator accounts or not) should be gradated, in that an attempt to view a general document in a particular business unit does not necessarily need to be treated in the same way as an attempt to access a spreadsheet of company salaries and bonuses owned by the Finance department. As with any business asset, there should be a sanity check to establish if the administrator has valid reasons to change permissions on a particular file. 

This document is part of a collection of documents that comprise the Reference Architecture for Private Cloud document set. The Solution for Private Cloud is a community collaboration project. Please feel free to edit this document to improve its quality. If you would like to be recognized for your work on improving this document, please include your name and any contact information you wish to share at the bottom of this page

Although automation and data processing provides advanced capacity to analyze large data sets that auditing generates, a common-sense human-centric approach needs to apply to investigative follow-up. Any investigation needs to follow the contractual terms of the employee’s engagement and comply with local employment laws.


If you edit this page and would like acknowledgement of your participation in the v1 version of this document set, please include your name below:
[Enter your name here and include any contact information you would like to share]

Return to Private Cloud Security Model

Return to Blueprint for A Solution for Private Cloud Security

Return to A Solution for Private Cloud Security

Return to Reference Architecture for Private Cloud

Move forward to Private Cloud Security Model - Client Security

Table of Contents for A Solution for Private Cloud Security