4.2 Public Cloud

In a public cloud environment, a service provider makes computing services (applications and storage, for example) available and accessible to the general public over the Internet. Public cloud services can be free or offered on a pay-per-usage model. The self-service capabilities of NetIQ Cloud Manager, combined with its embedded approval and change management, deliver the base for a trusted, low-maintenance public cloud solution where all costing elements are exposed and provided prior to consumption.

Although there might be little or no difference between public and private cloud architectures, service providers typically incorporate substantial security measures before they offer services over a non-trusted network for customers in the public domain.

The following diagram illustrates the basic components you should consider integral if you plan to build a public cloud environment where NetIQ Cloud Manager is the principal management tool for virtual computing resources.

Figure 4-2 Cloud Manager components in a public cloud structure

There are several deployment considerations in a Cloud Manager public cloud structure:

  • Access to virtual machine consoles is provided by the Cloud Manager Application Server Console (a Web-based interface).

  • A reverse proxy (such as NetIQ Access Manager) acts as the SSL endpoint and redirects traffic from port 80/443 to port 8183 on the Cloud Manager Application Server.

  • The external firewall must allow incoming connections to the reverse proxy on port 80/443 and on the remote console port (a high port between 8000 and 65535, as configured in Cloud Manager). Alternatively, the remote console port can be tunneled through the reverse proxy.

  • Cloud Manager must have access to the ports that expose workload consoles on the hypervisors. For VMware 5.x, these are ports 50000-50999.

  • Administrative functions are separated between the service provider and the consuming organizations. The service provider (whose administrative rights can be directly assigned or delegated) maintains and operates the Cloud Manager infrastructure (including such things as template management, storage, and resource pooling) while the organizations paying for services use the Cloud Manager Application Server Console to manage a VM’s lifecycle (including change requests).
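
As an added example (not part of the NetIQ documentation), the Python sketch below audits a constructed firewall rule list against the port flows listed above and reports any ports opened beyond them. The zone names, the `Rule` type, and the remote console port value 8443 are assumptions; the sketch also assumes that only the single console port configured in Cloud Manager needs to be reachable from outside.

```python
from dataclasses import dataclass

REMOTE_CONSOLE_PORT = 8443  # assumed value; configured in Cloud Manager (8000-65535)

# Documented flows: (source zone, destination zone) -> allowed port ranges.
# Zone names are assumptions made for this example.
ALLOWED = {
    ("internet", "reverse_proxy"): [(80, 80), (443, 443),
                                    (REMOTE_CONSOLE_PORT, REMOTE_CONSOLE_PORT)],
    ("reverse_proxy", "app_server"): [(8183, 8183)],
    ("app_server", "hypervisor"): [(50000, 50999)],  # VMware 5.x consoles
}

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    lo: int
    hi: int

def excess_ports(rule):
    """Return the port sub-ranges a rule opens beyond the documented flows."""
    gaps, cursor = [], rule.lo
    for lo, hi in sorted(ALLOWED.get((rule.src, rule.dst), [])):
        if hi < cursor or lo > rule.hi:
            continue  # allowed range does not overlap what is left of the rule
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)
    if cursor <= rule.hi:
        gaps.append((cursor, rule.hi))
    return gaps

def audit(rules):
    """Map each over-permissive rule to the excess ranges it exposes."""
    return {r: g for r in rules if (g := excess_ports(r))}

# Constructed sample ruleset (not from a real deployment).
SAMPLE_RULES = [
    Rule("internet", "reverse_proxy", 80, 80),
    Rule("internet", "reverse_proxy", 443, 443),
    Rule("internet", "reverse_proxy", 8000, 65535),  # whole console range opened
    Rule("internet", "app_server", 8183, 8183),      # bypasses the reverse proxy
    Rule("reverse_proxy", "app_server", 8183, 8183),
    Rule("app_server", "hypervisor", 50000, 50999),
]

if __name__ == "__main__":
    for rule, gaps in audit(SAMPLE_RULES).items():
        print(f"{rule.src} -> {rule.dst} {rule.lo}-{rule.hi}: excess {gaps}")
```

Rules that match a documented flow exactly produce no finding; the two flagged rules are the ones that open the entire console port range and that expose port 8183 without passing through the reverse proxy.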