
Mt. Wilson API Usage

There are two options for requesters of attestation information to call into the Mt. Wilson APIs. Direct invocation of the REST APIs is the most basic way to use and integrate with Mt. Wilson. The user is required to implement the complete API request specifications. This means handling the pre-processing (creating and handling keys and authentication), the post-processing of information needed for a successful API invocation, and the correct processing of the responses. An API toolkit (called the API Client Library) is available to simplify invocation of the APIs, with bindings for different languages such as Java, C#, and Python. This toolkit encapsulates multiple API calls, the creation and handling of RSA keys and certificates, and the authentication and processing of API responses (which are signed SAML assertions). Using this toolkit, users can make Java (or C# or Python) function calls to communicate with the system. The sample code and examples used in this chapter use the Java binding of the API toolkit.

There are three different options for the .jar file:

1. Zip file containing the api-client .jar and related dependencies

2. Single .jar with dependencies

3. Single .jar with dependencies shaded to prevent conflicts with other libraries

Deploying Mt. Wilson

There are multiple models for deploying attestation components in a data center. Ideally, attestation is transparent to applications, carrying its function quietly in the background. In practice, it's far from that. How unobtrusive attestation technology is depends upon the deployment method. Some of the possible models include:

• Dedicated virtual appliances

• Dedicated physical appliances

• Integrated as a function in security application software

• Integrated in cloud and virtualization management software

• Offered as a component of a cloud service

• Integrated as an attestation of a service

Mt. Wilson is delivered today as a virtual appliance, and it is being integrated into security software applications such as HyTrust's Cloud Control, as well as cloud management software such as Virtustream's xStream. An initial approach for adoption is to package and deliver Mt. Wilson software as a separate appliance with cloud management and security management independent software vendor offerings. As usage and experience grow with increased design and development of attestation-based solutions, other models with tighter integration will become possible.

As attestation APIs become standardized and integral to the interactions and operations of a trusted cloud infrastructure, there is an opportunity to provide value-added services on top of the core attestation APIs. This could lead security management and cloud service providers to offer attestation as a service, with granular control over the usage and evolution of the APIs.
