The Valet Key cloud design pattern

A Valet Key is a special key that some cars come with that has deliberately limited functionality: for example, it opens the driver’s door and starts the engine, but does not open the glove box.

In the cloud, an application can issue the equivalent of a valet key, limited in scope and time, in response to a request. The client then uses that key to access some other resource (typically storage) directly, without the data passing through the application.

Benefits

  • Issuing a key directly to the client means the application’s response can return sooner, freeing up resources to handle other requests. This is especially beneficial when the operation is heavy or long running and would otherwise tie up considerable resources, e.g. media transfer. Storage and data transfer are generally cheaper than compute.
  • Keys can be issued with a short expiry, so a burst of client-to-resource traffic can proceed after only one initial request to the application server.

Issues

  • Although keys can be scoped finely in line with the Principle of Least Privilege, a leaked key gives whoever holds it full access to everything within that scope until it expires. The key must therefore be treated as a secret (sent only over TLS, never logged), and the only remedy for a leak is to wait out the expiry or rotate the credential that signed it.
  • The attack surface is larger: the resource itself is now exposed directly to clients, in addition to the issuing server, and the key itself becomes a target (it typically travels in a URL, where it can end up in browser history, proxy logs and referrer headers).
  • Direct oversight of the resource is often lost. For example, it might not be possible to limit the size of an uploaded file, validate its content, or gather download statistics, because the data never passes through the application.

Azure example implementation

  • The upload-file request hits the ASP.NET server, which does only the lightweight setup: ensuring the storage account’s CORS rules allow the browser’s origin, and generating a time-limited, write-scoped token (a shared access signature) for the target blob.
  • The browser then uploads the file directly to the blob using that token; the file bytes never pass through the ASP.NET server.
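To make the flow above concrete, here is an added, generic example (Python, written for this page; it is neither the ASP.NET code the post describes nor Azure’s actual SAS format). The issuer mints an HMAC-signed key naming one resource, a permission set and an expiry; the resource side verifies it offline, with no callback to the issuer, and rejects the failure modes listed under Issues. The token layout, the `r`/`w`/`d` permission letters and the `STORAGE_KEY` constant are illustrative assumptions.

```python
"""Minimal valet-key issuer and verifier (hypothetical HMAC token format).

Added illustration for the pattern, not Azure SAS: the application mints a key
limited to one resource, one set of operations and a short lifetime; the
storage side checks it without contacting the application.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed secret shared by issuer and storage (in Azure this role is played
# by the storage account key). A real key must never live in source code.
STORAGE_KEY = b"constructed-demo-key-do-not-use"

ALLOWED_OPS = {"r", "w", "d"}  # read, write, delete


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes) -> bytes:
    return hmac.new(STORAGE_KEY, payload, hashlib.sha256).digest()


def issue_valet_key(resource: str, permissions: str, ttl_seconds: int,
                    now: Optional[float] = None) -> str:
    """Issuer side: mint a key for exactly `resource`, granting only the ops in
    `permissions`, valid for `ttl_seconds`. Returns '<payload>.<signature>'."""
    if not permissions or not set(permissions) <= ALLOWED_OPS:
        raise ValueError("permissions must be a non-empty subset of r/w/d")
    if not 0 < ttl_seconds <= 3600:
        raise ValueError("valet keys should be short-lived")
    now = time.time() if now is None else now
    claims = {"res": resource, "perm": permissions, "exp": int(now + ttl_seconds)}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return f"{_b64(payload)}.{_b64(_sign(payload))}"


def check_valet_key(token: str, resource: str, op: str,
                    now: Optional[float] = None) -> Tuple[bool, str]:
    """Resource side: allow `op` on `resource` only if the key is authentic,
    unexpired, names this exact resource and grants this operation."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = _unb64(payload_b64)
        sig = _unb64(sig_b64)
    except (ValueError, TypeError):
        return False, "malformed"
    # Verify the signature (constant-time) before trusting any claim.
    if not hmac.compare_digest(sig, _sign(payload)):
        return False, "bad signature"
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return False, "expired"
    if claims["res"] != resource:
        return False, "wrong resource"
    if op not in claims["perm"]:
        return False, "operation not granted"
    return True, "ok"


def demo() -> Dict[str, Tuple[bool, str]]:
    """Issue one write-only key and exercise it, including the failure modes."""
    t0 = 1_700_000_000.0  # constructed clock so the run is deterministic
    key = issue_valet_key("uploads/report.pdf", "w", ttl_seconds=300, now=t0)
    # Attacker keeps the real signature but widens the claims to r/w/d.
    widened = {"res": "uploads/report.pdf", "perm": "rwd", "exp": int(t0 + 300)}
    forged = _b64(json.dumps(widened, sort_keys=True, separators=(",", ":")).encode())
    tampered = forged + "." + key.split(".")[1]
    return {
        "upload": check_valet_key(key, "uploads/report.pdf", "w", now=t0 + 10),
        "read_not_granted": check_valet_key(key, "uploads/report.pdf", "r", now=t0 + 10),
        "other_blob": check_valet_key(key, "uploads/other.pdf", "w", now=t0 + 10),
        "after_expiry": check_valet_key(key, "uploads/report.pdf", "w", now=t0 + 301),
        "tampered": check_valet_key(tampered, "uploads/report.pdf", "w", now=t0 + 10),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:18} {'allow' if ok else 'deny':5} {why}")
```

The order of checks matters: the signature is verified before any claim is read, so an attacker cannot influence the verifier by editing the payload, and the expiry is enforced by the resource side rather than trusted from the client.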

[Figure: Azure Valet Key]


Pets vs. Cattle

Pets vs. Cattle is an analogy used to emphasise the difference between the pre-cloud and cloud modes of operation, and the mindset shift needed to make use of the cloud’s elastic scaling.

Are your servers pets or cattle?

The real challenge is twofold:

  • The initial golden cow needs to be bred, from which the rest of the herd is cloned. This usually involves converting the current hand-tended state of servers and databases into concrete IaC (Infrastructure as Code) definitions, which can then stamp out new server or database instances at will, in an automated fashion.
  • New genes need to be easily introduced into the gene pool. This usually involves automating the release process, so that changes to the IaC can be diffed, tested and deployed to every server or database.


The other big benefit of cattle is that developers and testers can each have their own prod-like environment, one per feature branch, created and deleted quickly and at will.

Azure Virtual Machine Scale Sets are Microsoft’s answer to stamping out cattle.