Page 66 - Cloud Migration Version 2012 English

are connected by 2 or 4 Mbit per second lines, these resource demands are 
very significant. 
Secure access 
Secure access to a Cloud service provided by an internal IT department will 
depend on a number of technical and/or organizational measures. The main 
point is to define up front from where access will occur. If access to the 
Cloud service is from your own business premises or a subsidiary, securing 
access is simplified by restricting physical access to the terminal devices. In 
the case of external access to a Cloud service, it is important once more to 
distinguish between a VPN and the Internet. Cloud services accessible via 
the Internet require more security. The focus here is on authenticating the 
user of the system and on encryption of the data stream. Authentication 
should include another data field, besides the username and password, 
known as a one‐time password. One‐time passwords can be sent as text 
messages or provided via a token system. If the one‐time password is 
entered by the user correctly, and if the system can authenticate the user, 
authorisation is granted. This means that a valid access privilege needs to be 
granted to allow the user to access specific data and programs. Access from 
the terminal device to this data will ideally use an encrypted connection to 
prevent the data from being modified in transit. Encryption today typically
relies on SSL keys that are at least 2048 bits long and should, depending on
the state‐of‐the‐art, be easily extensible to longer key lengths or other
encryption methods.
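
The login sequence described above, as an added example that is not part of the original text: password check, then a one-time password from a token, then a separate privilege check. It assumes a counter-based token (HOTP, RFC 4226), since the text names no algorithm; the user record, resource names and function names are constructed for illustration.

```python
import hashlib, hmac, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password for a given token counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample account; the token secret is the RFC 4226 test key.
USERS = {
    "alice": {
        "salt": b"constructed-salt",
        "pw_hash": hash_password("correct horse", b"constructed-salt"),
        "otp_secret": b"12345678901234567890",
        "next_counter": 0,                # first counter value not yet used
        "privileges": {"crm:read"},       # data/programs this user may access
    }
}

def login(username, password, otp, resource, window=2):
    """True only if password, one-time password and privilege all check out."""
    user = USERS.get(username)
    if user is None:
        return False
    supplied = hash_password(password, user["salt"])
    if not hmac.compare_digest(supplied, user["pw_hash"]):
        return False
    # Small look-ahead window: the token may have been pressed without a login.
    start = user["next_counter"]
    for counter in range(start, start + window + 1):
        expected = hotp(user["otp_secret"], counter).encode()
        if hmac.compare_digest(expected, otp.encode()):
            user["next_counter"] = counter + 1    # burn the code: no replay
            break
    else:
        return False
    # The user is authenticated; authorisation is a separate decision.
    return resource in user["privileges"]
```

A code is consumed as soon as it verifies, even when the privilege check then fails, so a captured one-time password cannot be reused against another resource.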
Integrating Cloud resources with local IT ‐ Cloud Bridging 
Another task for local IT is to transparently handle network traffic between
the resources at the local datacentre and the external resources
(Infrastructure as a Service). Where could this kind of solution be necessary?
For example, in an enterprise that wants to fall back on resources in the
Amazon Elastic Compute Cloud at peak periods. Unfortunately, you cannot
just install an additional server in the Cloud and expect its performance to
be available on the local enterprise network. There is a solution offered by
Amazon known as the Amazon Virtual Private Cloud, which gives companies
the ability to create a "private" network inside the Amazon Cloud service.
This instance then needs to be integrated transparently with the company
network to make sure that clients on the company network can access the
servers in the Amazon EC2. Without reconfiguring all of your clients, this can
only work if the server network from the Amazon EC2 Cloud appears to be a
local network. This solution is known by the manufacturers as a "Cloud