Actors: cloud-subscriber, cloud-provider
Goals: The cloud-subscriber should have the capability to create VM images that meet its functions, performance and security requirements and launch them as VM instances to meets its IT support needs.
Assumption: The cloud-subscriber has an account with an IaaS cloud service that enables creation of Virtual Machine (VM) images and launching of new VM instances. The cloud-provider shall offer the following capabilities for VM Image creation to the cloud-subscriber:
1) A set of pre-defined VM images that meets a range of requirements (O/S version, CPU cores, memory, and security)
2) Tools to modify an existing VM image to meet cloud-subscriber's requirements
3) Tools to create a new VM image from scratch
The cloud-provider shall support the following capabilities with respect to launching of a VM instance:
1) Secure launching of a VM instance (e.g., enabling creation of an asymmetric cryptographic key pair)
2) Secure administration of the cloud-subscriber's VM instance through the ability to:
· configure certain ports (e.g., opening of port 22 for enabling a SSH session;
· allow cloud-subscriber's scanning tools on the launched VMs for presence of appropriate patches (based on Guest O/S) or absence of malware
3) Cloud-subscriber shall be able to suspend and re-start VM instances
Success Scenario: (AllocateVM, IaaS): (1) The cloud-subscriber requests a specific pre-defined Virtual Machine image supplied by the cloud-provider (O/S, CPU cores, memory, and security) and launches new VM instances. (2) The cloud-subscriber is able to modify a VM image according to their requirements using cloud-provider's tools. (3) The cloud-subscriber has secure launching and administration of their VM instance.
Failure Condition: (1) The cloud-subscriber is not able to successfully complete a request to create a Virtual Machine from cloud-provider's inventory; (2) The cloud-subscriber is not able to modify or create a Virtual Machine image according to their specifications with the cloud-provider's toolset; (3) The cloud-subscriber is not able to invoke their required security protections on their VM image/VM instance.
Failure Handling: (1) The cloud-provider must verify that the request made by the cloud-subscriber is valid and then take corrective steps to assist the cloud-subscriber or take necessary action to provide the VM configuration; (2) The cloud-provider must verify correct usage of their toolset, assist the cloud-subscriber or allow the cloud-subscriber to use their own methodology for VM creation; (3) On receipt of a security error message, the cloud-subscriber retries the operations; on multiple failures, the cloud-subscriber contacts the cloud-provider for resolution of the failure.
Credit: Amazon Web Services