Intel® Cloud Builders Guide: Cloud Design and Deployment on Intel® Platforms
Cloud Gateway Security with Intel® SOA Expressway

Audience and Purpose

Cloud computing offers a path to greater scalability and lower costs for service providers, infrastructure hosting companies, and large enterprises. Establishing an infrastructure that can provide such capabilities requires experience. Intel has teamed up with leading cloud vendors through the Intel® Cloud Builders program to help any customer design, deploy, and manage a cloud infrastructure.

Data center operators, solution architects, application users and architects, and security architects are usually responsible for implementing and maintaining the appropriate security model for a particular enterprise, regardless of how the enterprise exposes itself outside the DMZ. For enterprise IT, cloud services pose unique security challenges compared to traditional access security models. The traditional security model, also known as the single domain security model, focuses on privileged data user access, trusted and anonymous user access, and application access control for data. In the private, public, and hybrid cloud models, however, security requirements evolve significantly.

Early solutions for establishing IaaS connectivity have centered on extending the enterprise network perimeter to encompass the cloud services. This model, normally based on virtual LAN technology, allows for easy bi-directional network access between the established enterprise domain and IaaS-type domains. The basic advantage of this model lies in its simplicity; it’s built using well-understood technology from multiple sources. Plus, it is transparent to higher layers of the open systems interconnection (OSI) network stack, making application integration over the network boundary relatively easy—latency and reliability concerns aside. However, the single domain security model has significant security vulnerabilities.
The extended network pattern is essentially one virtual security domain that covers both on- and off-premise resources. The enterprise has substantially increased the attack surface of its perimeter and has created a weak link by giving remote and third-party managed resources unlimited access into the primary network.

The authorization domains model, or secure access model, is an efficient alternative that enforces information security in the cloud environment while addressing the shortcomings in the single domain security model. Authorization domains support independent security domains that cooperate to achieve integration while enforcing a consistent security policy. Here, on- and off-premise applications are deliberately isolated from each other, so that distribution is explicit, even if the exact locations are not. The connecting components are service gateways rather than the switches of the VLAN approaches. These gateways are usually based on the technologies of SOA.

The Intel Cloud Builders program provides a starting point by supplying a basic hardware blueprint and available cloud software management solutions, such as Intel® SOA Expressway. The use cases described in this reference architecture can be used as a baseline to build more complex usage and deployment models to suit specific customer needs.

The audience for this reference architecture is cloud service providers, cloud hosters, and enterprise IT that want to realize the revenue potential of their existing data