Common Understanding Wiki
A Common Knowledge Source of Terms and Definitions
Cloud Computing #
The NIST standard defines Cloud computing as "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment." These are detailed below. Cloud Stakeholders are defined on an extra page.
Table of Contents [-]
- Cloud Computing
- Cloud Characteristics
- Cloud Service Models
- Cloud Operation Models
- Cloud Architecture
- Other Terms
Cloud Characteristics #
The main features of a Cloud platform according to the NIST Standard are on-demand self-service, broad network access, resource pooling, rapid elasticiy, and measured service. The exact NIST definitions are pasted below.
In practise, 'broad network access' means that the X a user gets at an XaaS system can be accessed over network by hundres, thousands or even hundres of thousand users at the same time. 'Measured service' in turn means that the user can check the resources he is using. 'Resource pooling' means that the provider has the capacity to server multiple (many, many) users and is able to sustain the increasing demands of customers.
The key differentiating factors that differentiate cloud platforms from other forms of hosting providers is the on-demand self-service in combination with the rapid elasticity property. In that sense a user will not only be able to automatically request a resource without human interaction, but also to get the response that request in the order of seconds.
On-demand self-service. #
A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider
Broad network access. #
Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
Resource pooling. #
The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
Rapic elastictiy. #
Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
Measured service. #
Cloud systems automatically control and optimize resource use by leveraging a metering capability (on a pay per use or charge per use basis) at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Cloud Service Models #
Cloud Service Models define what kind of service/entity the cloud customer buys from the cloud provider. The "NIST cloud computing reference architecture" refers to service model as "Service Layer".
Software as a Service (SaaS) #
SaaS is defined by NIST as the capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings.
Beside the application specific data protection challenges and control of certain connectivity constraints (such as enforcing encrypted communications over the web front-end using https) the consumer must delegate the enforcement completely to the provider as the underlying infrastructure and services are unknown in terms of technology, geographical location. An assessment of the data protection is not possible via the client interfaces.
Platform as a Service (PaaS) #
Platform as a Service (PaaS) is defined by NIST as "The capability provided to the consumer is to deploy onto the cloud infrastructure consumer created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment."
Similar to the SaaS model the consumer has only a very limited ability to control the enforcement and enactment of data protection policies and must rely on the provider to deliver the services in accordance to the required procedures and levels.
Infrastructure as a Service (IaaS) #
Infrastructure as a Service (IaaS) is defined by NIST as "The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls)."
As this model provides more control to the consumer it also comes with more possibilities to enforce data protection independently from the IaaS provider. For example on top of the provided storage infrastructure (e.g. Dropbox) a user can perform the necessary encryption or distribution of data parts to meet certain requirements but has no control about constraining the physical location of the server, the surroundings of the server (e.g. type of room, thickness of the walls around the servers, access policies of system administrators etc.)
Cloud Operation Models #
The Term Clouds can not only be defined along horizontal layers but orthogonally one need to consider also different operation models. Both schemes are independent so that for example there can be public IaaS and public SaaS Clouds.
Public Cloud #
Starting again with the definition from NIST defining a Public Cloud as an “infrastructure [is] provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.” This means that the infrastructure is used simultaneously be a potentially very large number of other consumers (“multi-tenancy”). Consumers are not aware or have any knowledge about their fellow consumers and have no control or information if their services run on the same physical hardware, share network connections or similar with other consumers.
Private Cloud #
In contrast to the public cloud a private cloud according to NIST is defined as “infrastructure [is] provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.” Such an infrastructure is under complete control of the provider who is as the same time the only consumer. Such an infrastructure does not differ from a data protection viewpoint from any virtualised or physical server infrastructure widely used in any business as of today.
Community Cloud #
The definition of the community cloud is different from the private cloud that it is not only one organization operating the cloud but a group of collaborators. NIST defines this type of cloud as “infrastructure [is] provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.”
Hybrid Cloud #
The models mentioned above are not excluding each other. Quite often a mixture of the models is applied in particular for different application different infrastructure might be more suitable. The NIST definition says that hybrid cloud “infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).”
Cloud Architecture #
Physical Resource Layer #
Includes all the physical resources used to provide cloud services, most notably, the hardware and the facility.
Resource Abstraction Layer #
Entails software elements, such as hypervisor, virtual machines, virtual data storage, and supporting software components, used to realize the infrastructure upon which a cloud service can be established.
Other Terms #
Cloud Service Orchestration #
Refers to the arrangement, coordination and management of cloud infrastructure to provide different cloud services to meet IT and business requirements.
Guest Operating System #
An Operating System under the control of the cloud customer (running in a virtualised environment).
Virtual Machine #
A Virtual Machine provides a complete virtual computer including CPU, RAM, and storage which supports the execution of a full-blown operating systems called Guest Operating System.