cloud environment typically includes three types of servers: Cloud Controller Server (CCS), Cloud Compute Server (CCoS), and Cloud Networking Server (CNS). All tasks related to cloud management are handled by the CCS, while the CCoS hosts the virtual machines (VMs). The CNS provides networking capabilities such as network configuration, IP allocation and routing of traffic to the cloud servers; it also lets virtual machines connect to the Internet.

There are usually three networks in the cloud: the tenant network, the administrative network and the external network. Tenant traffic flows through the hosted client network, which is configured to run in a virtualized environment. Each client network is associated with a set of virtual machines and is vulnerable to attacks from one virtual machine on another virtual machine in the same client subnet. The administrative network connects all cloud servers; it is mainly used to create, destroy and resume virtual machines and to allocate storage. The administrative network is less exposed to attacks from tenant virtual machines because of access-rights restrictions. The external network connects virtual machines to outside parties over the Internet and is vulnerable to the usual traditional attacks.

Different roles are created for the different cloud members: the cloud service provider, the cloud administrator, the tenant administrator and the tenant users. A cloud administrator is a person employed by the cloud service provider to manage the cloud infrastructure and usually has privileged access. Users who want to become tenants (cloud clients) must register with the service provider. A tenant administrator is responsible for configuring and assigning policies to a set of virtual machines and is granted additional privileges by the cloud administrator. Tenant users are responsible for running applications and services in the tenant virtual machines.
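The segmentation that the three-network layout calls for (default deny between VMs on the same client subnet, a management plane that tenant VMs cannot reach, and a narrow ingress from the external network) can be written down as a small policy evaluator and checked against sample flows. This is an added example, not code from the original text: the CIDRs, host addresses, allowed intra-tenant flows and ingress port list are constructed assumptions, and the decision order is one possible least-privilege policy, not the behaviour of any particular cloud stack.

```python
"""Policy model for the tenant, administrative and external networks.

Constructed example: every address, CIDR and rule below is an assumption
chosen to illustrate the layout, not a value taken from the text.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed address plan: one subnet per network type; anything else is external.
NETWORKS = {
    "tenant": ip_network("10.10.0.0/24"),       # one client subnet of tenant VMs
    "admin": ip_network("192.168.100.0/24"),    # CCS, CCoS and CNS management plane
}

# Assumed management hosts: the controller and the compute servers it drives.
CONTROLLER = ip_address("192.168.100.1")
COMPUTE_SERVERS = {ip_address("192.168.100.10"), ip_address("192.168.100.11")}

# Assumed security-group style allow list for VM-to-VM traffic inside the
# tenant subnet: only the web VM may reach the database VM on its DB port.
INTRA_TENANT_ALLOW = {("10.10.0.5", "10.10.0.20", 5432)}

# Assumed ingress from the Internet to tenant VMs: HTTPS only.
EXTERNAL_INGRESS_PORTS = {443}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int


def classify(addr: str) -> str:
    """Map an address to the network it belongs to."""
    a = ip_address(addr)
    for name, net in NETWORKS.items():
        if a in net:
            return name
    return "external"


def decide(flow: Flow) -> str:
    """Return 'allow' or 'deny' for one flow under the default-deny policy."""
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    src_net, dst_net = classify(flow.src), classify(flow.dst)

    if src_net == "tenant" and dst_net == "tenant":
        # Same client subnet: a compromised VM must not freely reach its
        # neighbours, so only explicitly listed flows pass.
        if (flow.src, flow.dst, flow.port) in INTRA_TENANT_ALLOW:
            return "allow"
        return "deny"

    if dst_net == "admin":
        # Management plane: only the controller talks to compute servers;
        # tenant VMs and external hosts never reach it.
        if src == CONTROLLER and dst in COMPUTE_SERVERS:
            return "allow"
        return "deny"

    if src_net == "external" and dst_net == "tenant":
        # Internet-facing ingress is limited to the published service port.
        return "allow" if flow.port in EXTERNAL_INGRESS_PORTS else "deny"

    if src_net == "tenant" and dst_net == "external":
        # Egress so that VMs can reach the Internet, as the CNS provides.
        return "allow"

    # Anything not listed above (including admin-to-tenant and
    # admin-to-external traffic) is denied by default.
    return "deny"


def evaluate(flows) -> dict:
    """Count decisions over a batch of flows; handy for reviewing a rule set."""
    counts = {"allow": 0, "deny": 0}
    for f in flows:
        counts[decide(f)] += 1
    return counts


if __name__ == "__main__":
    # Constructed sample flows covering each network pairing.
    samples = [
        Flow("10.10.0.5", "10.10.0.20", 5432),      # web -> db, listed: allow
        Flow("10.10.0.7", "10.10.0.20", 5432),      # other VM -> db: deny
        Flow("10.10.0.5", "192.168.100.10", 22),    # tenant VM -> compute: deny
        Flow("192.168.100.1", "192.168.100.10", 22),# controller -> compute: allow
        Flow("203.0.113.9", "10.10.0.5", 443),      # Internet -> web on 443: allow
        Flow("203.0.113.9", "10.10.0.5", 22),       # Internet -> web on 22: deny
        Flow("10.10.0.5", "203.0.113.9", 80),       # VM egress: allow
    ]
    for f in samples:
        print(f"{f.src:>15} -> {f.dst:<15} :{f.port:<5} {decide(f)}")
    print(evaluate(samples))
```

The point of the model is the ordering: the intra-tenant and management-plane checks come first and fall through to deny, so adding a new allowed flow means adding a tuple rather than loosening a branch, which is the shape you want in a real security-group or firewall rule set.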