Alibaba Cloud RAM — Part 1: An Overview of Resource and Access Management

Image for post
Image for post

By Shantanu Kaushik

Cloud computing and security go hand-in-hand when it comes to a stable and reliable solution. Identity and access management plays an important role in managing different resource access, user groups, and permissions. Granting or denying privileges is the basis of maintaining a hierarchy within an organization.

Why Do You Need Identity and Access Management?

Enterprises have to enable identity and access management to safeguard information and resources against compromised access possibilities. Threats like phishing, spyware, ransomware, and other types of malicious attacks can cripple an organization’s productivity and reputation.

A reliable and active identity and access management suite can prevent attacks and maintain a protection layer over resources that account for application functionality by maintaining user access. A centralized system can further the productivity of any business. If this solution is deeply integrated with other products deployed within an organization, it is considered a plus for security and reliability.

The Alibaba Cloud Solution | RAM

An Introduction to Alibaba Cloud RAM

Image for post
Image for post

Alibaba Cloud RAM for an enterprise IT solution manages and defines different roles and manages the access of resources for different users or user groups across applications and products. Roles and responsibilities can be directly proportional to the level of access granted or denied by Alibaba Cloud RAM.

Let’s imagine that there are different organizational user groups, such as administration, IT, management, and general staff. Then, there are customers. An enterprise might define multi-tier user groups and access lifecycles based on how deeply integrated and interactive the service roles are.

Alibaba Cloud RAM provides administrators with the tools and resources to define, manage, and change user roles. Administrators can track user activities and generate detailed reports indicating different access times, resource usage, and any other defined or required detail. A properly configured RAM can ensure compliance with corporate or government rules and regulations.

The Features of Alibaba Cloud RAM

With Alibaba Cloud RAM, you can:

  • Manage Users and User Groups
  • Centralized Management: You can manage all user authorization functions from your console without configuring and managing different systems.
  • Enable (MFA) Multi-Factor Authentication for Users
  1. MFA Devices with TOTP Protocol
  2. Assign Special Permissions (Virtual Host Shutdown)
  1. API Access Keys for Programmable Access
  2. Access Keys for Console Operations Management
  • Use Security Token Service for Mobile Clients
  1. Grant Specific Cloud Resource Access Permissions for Direct Access to Cloud Resources
  2. Set Custom Token Validity to Enhance Secure Access
  • Apply Independent Password Policy Management
  1. Set Custom Password Strength Policies
  2. Control Allowed Logon Attempts
  3. Control Password Validity Period
  4. Other Custom Policies
  • Manage instances and data by RAM users, which is not dependent on user existence
  • Set Execution Permission
  1. Permissions like denying or allowing conditional execution of certain resources
  • Manage Resource Access Channels
  • Set Group Permissions
  1. Scenario-Specific Access Management
  2. Reduced Load for Permission Management
  • Manage Timed Access
  • Define Access Based on IP-address Filtering
  • Use Single Sign-On Service (SSO)
  • Use User-Based and Role-Based SSO with Identity Providers (IdPs)
  • Multi-Tier Access Management
  1. Grant permission for one or multiple operations on a single resource
  2. Restrict permissions based on IP, time, and other custom factors
  • Use Version Management
  1. Multiple versions of each authorization policy may be retained, eliminating the risk of policy deletion
  • Pay Nothing
  1. Alibaba Cloud Resource and Access Management (RAM) is offered free of cost with other Alibaba Cloud products and services.

How Does It Work?

The third layer or stage is authorization and access control. In this layer, different access levels and resource allocation is set for different users or user groups. Auditing and report generation takes place here. The system is managed and regulated based on security and compliance standards that your enterprise or the government has put in place.

Several authentication scenarios are put in place, with different authorization and access protocols to ensure proper resource usage. All of these layers coming together make up the Alibaba Cloud RAM system.

Wrapping Up

In Part 2 of this series on Alibaba Cloud Resource and Access Management (RAM), we will discuss the real-world challenges that enterprises face with Identity and Access Management and how to overcome these challenges using Alibaba Cloud RAM. In Part 3 of this series, we will list all of the usage scenarios related to Alibaba Cloud RAM. We will also list all of the cloud services that support RAM integration and present a how-to article on using Alibaba Cloud RAM to maintain security.

Upcoming Articles

  1. Alibaba Cloud RAM — Part 3: Usage Scenarios

Original Source:

Follow me to keep abreast with the latest technology news, industry insights, and developer trends.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store