On-site Community Cloud

In a community of organizations, some members may provide cloud services, consume them or both. Each organization implements a security perimeter, and the participant organizations are connected via links between the boundary controllers that allow access through their security perimeters.

The on-site community cloud resources, such as a web server with sensitive information, can be located at any of the member sites where cloud services are provided.

The cloud consumer organizations (X, Y and Z in the figure) can connect user devices such as smartphones, laptops, tablets and other wireless BYOD (bring your own device) endpoints to IP over WiFi (IP / WiFi) or IP over 4G (IP / 4G WiMAX or LTE) networks to communicate with the site's boundary controller in order to access the cloud services and resources.

The Challenge

This on-site community cloud scenario requires a solution for sharing, and in some cases restricting, cloud resources, since clients from multiple participant organizations access a common pool of resources.

The sharing problem becomes more complicated when member organizations leave the community or non-member organizations want to join. In either case, those organizations might be cloud providers, consumers or both.

This on-site community cloud scenario might also create a scalability problem because of the number of connections terminating on the boundary controller of the cloud service provider.

The CIS Solution

The SIPbiz.net boundary controller solution is based on each user's unique identification, which it uses to monitor and control cloud resource access. A user is authorized to access a cloud resource only when the user identity is registered and included in the access list of that resource.

A user is assigned a site-specific user identity, and the site security administrator must register it with the SIPbiz.net boundary controller before the user can sign on to access local or remote cloud resources.

The user identity must also be registered with each local and remote cloud resource, such as a web server, for the user to access the information kept there. To block a user, the user identity is removed from the cloud resource access lists.

A user is not allowed to access cloud resources directly. All access requests must be sent to the SIPbiz.net boundary controller, which validates the user's access right before forwarding the request. The SIPbiz.net boundary controller blocks unauthorized (unregistered) users.

The participant organizations in the on-site community cloud scenario are connected via links between their SIPbiz.net boundary controllers, which allow access through their security perimeters. The SIPbiz.net connection can be initiated by either boundary controller. Successful connection establishment creates a trusted Internet connection over which information in transit is encrypted.

When a member organization leaves the community, its SIPbiz.net boundary controller's connections to the other boundary controllers are disconnected and its users' identities are removed from the cloud resource access lists.

A new member organization is added to the community by connecting its SIPbiz.net boundary controller to the other SIPbiz.net boundary controllers. The new member's user identities must also be registered with the local and remote cloud resources they are allowed to use.
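The access-mediation rules and the join/leave lifecycle above can be captured in a small model. The Python below is an added example written for this page, not SIPbiz.net code (the page does not describe the product's implementation); the class and method names, the "user@site" identity format, and the three-site scenario are assumptions chosen for illustration. It shows the four checks a mediating boundary controller applies to a request (registered identity, trusted link to the remote site, resource exists, identity on the resource's access list) and that removing a member both tears down its links and purges its identities from every remaining access list.

```python
from dataclasses import dataclass, field


@dataclass
class Resource:
    """A cloud resource (e.g. a web server) with its own access list of user identities."""
    name: str
    site: str
    access_list: set = field(default_factory=set)


@dataclass
class BoundaryController:
    """Per-site boundary controller: registered identities, trusted links, hosted resources."""
    site: str
    registered_users: set = field(default_factory=set)
    peers: set = field(default_factory=set)      # sites with an established trusted link
    resources: dict = field(default_factory=dict)


class Community:
    """Hypothetical model of a community of sites, each behind a boundary controller."""

    def __init__(self):
        self.controllers = {}

    def add_site(self, site):
        self.controllers[site] = BoundaryController(site)

    def connect(self, a, b):
        # Either side may initiate; once established the trusted link is usable both ways.
        self.controllers[a].peers.add(b)
        self.controllers[b].peers.add(a)

    def register_user(self, site, user):
        """Site security administrator registers a site-specific identity such as 'alice@X'."""
        if not user.endswith("@" + site):
            raise ValueError(f"{user} is not an identity of site {site}")
        self.controllers[site].registered_users.add(user)

    def add_resource(self, site, name):
        self.controllers[site].resources[name] = Resource(name, site)

    def grant(self, user, site, name):
        """Register the identity with the resource's own access list."""
        self.controllers[site].resources[name].access_list.add(user)

    def request(self, user, from_site, to_site, name):
        """Every request goes to the user's own boundary controller, never to the resource."""
        bc = self.controllers[from_site]
        if user not in bc.registered_users:
            return False, "blocked: identity not registered with boundary controller"
        if to_site != from_site and to_site not in bc.peers:
            return False, "blocked: no trusted link to remote site"
        resource = self.controllers[to_site].resources.get(name)
        if resource is None:
            return False, "blocked: unknown resource"
        if user not in resource.access_list:
            return False, "blocked: identity not on resource access list"
        return True, "forwarded to resource"

    def remove_member(self, site):
        """Member leaves: disconnect its links and purge its identities from all access lists."""
        leaving = self.controllers.pop(site)
        for peer in leaving.peers:
            self.controllers[peer].peers.discard(site)
        for bc in self.controllers.values():
            for res in bc.resources.values():
                res.access_list -= leaving.registered_users


def demo():
    """Constructed scenario: sites X, Y, Z; a web server at Y; X leaves at the end."""
    c = Community()
    for s in ("X", "Y", "Z"):
        c.add_site(s)
    c.connect("X", "Y")                      # Z is not yet linked to Y
    c.add_resource("Y", "webserver")
    c.register_user("X", "alice@X")
    c.register_user("Z", "carol@Z")
    c.grant("alice@X", "Y", "webserver")
    c.grant("carol@Z", "Y", "webserver")
    out = {}
    out["alice_before"] = c.request("alice@X", "X", "Y", "webserver")
    out["bob_unregistered"] = c.request("bob@X", "X", "Y", "webserver")
    out["carol_no_link"] = c.request("carol@Z", "Z", "Y", "webserver")
    c.connect("Y", "Z")                      # new member's controller joins the community
    out["carol_after_link"] = c.request("carol@Z", "Z", "Y", "webserver")
    c.remove_member("X")                     # member leaves: links dropped, identities purged
    webserver = c.controllers["Y"].resources["webserver"]
    out["alice_in_list_after_leave"] = "alice@X" in webserver.access_list
    out["y_peers_after_leave"] = sorted(c.controllers["Y"].peers)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note that revocation in this model is a two-part operation: dropping the trusted link alone would leave the departed site's identities on the access lists, and purging the lists alone would leave a live link, so remove_member() does both.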

SIPbiz.net has no architectural limit on the number of trusted connections a boundary controller can create. Each SIPbiz.net boundary controller can initiate or accept new connections.

Benefits and Capabilities

Security Enhancement

  • Connect user devices and servers from behind a NAT firewall
  • Mutual privacy protection with PKI
  • End-to-end encrypted information via TLS

Technology Advantage

  • Scalability: There is no architectural limit on the number of trusted connections a SIPbiz.net boundary controller can establish. Each SIPbiz.net boundary controller can initiate and accept multiple TLS connections.
  • Encryption works with or without a NAT firewall
  • Encryption works on IPv4 or IPv6 networks
  • Flexible SIPbiz.net connection configurations
    • Point-to-point
    • Point-to-multipoint
    • Full mesh

Learn More

For additional information on how your organization can benefit from the SIPbiz.net On-site Community Cloud solution, please contact sipbiz@sipbiz.net.