NIST logo

****Working Document****

3.7      VM Control: Allocate VM Instance

Actors: cloud-subscriber, cloud-provider

Goals: The cloud-subscriber should have the capability to create VM images that meet its functions, performance and security requirements and launch them as VM instances to meets its IT support needs.

Assumption: The cloud-subscriber has an account with an IaaS cloud service that enables creation of Virtual Machine (VM) images and launching of new VM instances. The cloud-provider shall offer the following capabilities for VM Image creation to the cloud-subscriber:

1)      A set of pre-defined VM images that meets a range of requirements (O/S version, CPU cores, memory, and security)

2)      Tools to modify an existing VM image to meet cloud-subscriber's requirements

3)      Tools to create a new VM image from scratch

The cloud-provider shall support the following capabilities with respect to launching of a VM instance:

1)      Secure launching of a VM instance (e.g., enabling creation of an asymmetric cryptographic key pair)

2)      Secure administration of the cloud-subscriber's VM instance through the ability to:

·         configure certain ports (e.g., opening of port 22 for enabling a SSH session;

·         allow cloud-subscriber's scanning tools on the launched VMs for presence of appropriate patches (based on Guest O/S) or absence of malware

3)      Cloud-subscriber shall be able to suspend and re-start VM instances

Success Scenario: (AllocateVM, IaaS): (1) The cloud-subscriber requests a specific pre-defined Virtual Machine image supplied by the cloud-provider (O/S, CPU cores, memory, and security) and launches new VM instances. (2) The cloud-subscriber is able to modify a VM image according to their requirements using cloud-provider's tools. (3) The cloud-subscriber has secure launching and administration of their VM instance.

Failure Condition: (1) The cloud-subscriber is not able to successfully complete a request to create a Virtual Machine from cloud-provider's inventory; (2) The cloud-subscriber is not able to modify or create a Virtual Machine image according to their specifications with the cloud-provider's toolset; (3) The cloud-subscriber is not able to invoke their required security protections on their VM image/VM instance.

Failure Handling: (1) The cloud-provider must verify that the request made by the cloud-subscriber is valid and then take corrective steps to assist the cloud-subscriber or take necessary action to provide the VM configuration; (2)  The cloud-provider must verify correct usage of their toolset, assist the cloud-subscriber or allow the cloud-subscriber to use their own methodology for VM creation; (3) On receipt of a security error message, the cloud-subscriber retries the operations; on multiple failures, the cloud-subscriber contacts the cloud-provider for resolution of the failure.

Credit: Amazon Web Services