Cloud computing introduces new and different economic, operational, and business models. It doesn’t, however, change the fundamentals of technology or security. Although standardization and automation drive revolutionary change in those three domains, fundamentally, cloud computing still delivers compute, storage, and networking services. This post describes these fundamental services and the basic structure of cloud service providers.
Compute services combine central processing unit (CPU), memory, and ephemeral storage capabilities using virtual machines. A virtual machine is instantiated from a computer file, called an image, and emulates a real computer. The environment is segregated from all other cloud users: the virtual machine is sandboxed and cannot be used to access the underlying physical computer. Multiple virtual machines operate on the same physical computer simultaneously, which reduces physical hardware quantities, associated maintenance costs, power consumption, and data center cooling requirements. Virtual servers scale quickly but may have reduced performance compared to directly using a single-tenant physical server. Cloud service providers usually offer a choice of operating systems (e.g., Linux, Microsoft Windows, Solaris) and of machine sizes with varying numbers of computing cores, amounts of RAM, IOPS, and available ephemeral storage. Autoscaling automatically changes the number of VMs deployed, raising or lowering it based on workload.
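The autoscaling idea can be illustrated with a minimal sketch. The function name, the CPU-utilization target, and the instance bounds below are hypothetical illustrations, not any provider's API; real autoscalers use richer policies (cooldowns, multiple metrics, scheduled actions).

```python
import math

def desired_instances(current, cpu_utilization, target=0.60, min_n=2, max_n=20):
    """Pick a VM count that brings average CPU utilization near the target,
    clamped to a configured minimum and maximum fleet size."""
    if current == 0:
        return min_n
    # If the fleet is running hotter than the target, grow it; cooler, shrink it.
    desired = math.ceil(current * cpu_utilization / target)
    return max(min_n, min(max_n, desired))
```

A fleet of 4 VMs at 75% CPU with a 50% target would be scaled out to 6, while 8 lightly loaded VMs would be scaled in, never dropping below the minimum.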
Storage services are either ephemeral (as provisioned with virtual machines) or persistent. Persistent storage remains available after a virtual machine is de-provisioned and is normally backed by mechanical hard disk drives or solid-state drives. The two most common types of persistent storage services are volume and object. Volume or block storage is normally used for structured data. Object or blob (binary large object) storage is typically used for unstructured data. Object storage data elements live in a flat namespace rather than a true folder hierarchy (delimiters in the key merely simulate folders), and each element has a globally unique identifier.
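A toy model makes the flat-namespace point concrete. The class and method names below are invented for illustration; real object stores (and their version identifiers) differ by provider.

```python
import uuid

class ObjectStore:
    """Toy object store: one flat key space where '/' in a key
    only *looks* like a folder; listing is just a prefix match."""

    def __init__(self):
        self._objects = {}  # key -> (version_id, data)

    def put(self, key: str, data: bytes) -> str:
        version_id = uuid.uuid4().hex  # globally unique identifier for this version
        self._objects[key] = (version_id, data)
        return version_id

    def get(self, key: str) -> bytes:
        return self._objects[key][1]

    def list_keys(self, prefix: str = ""):
        # No directories exist; "folders" are recovered by filtering key prefixes.
        return sorted(k for k in self._objects if k.startswith(prefix))
```

Storing `logs/2024/app.log` does not create a `logs` folder; listing with the prefix `logs/` simply filters the flat key space.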
Failure tolerance in a storage offering is provided by duplicating data elements across the cloud environment. If one copy is lost, data is still recoverable from the other copies. Storage consistency is a fundamental concept in cloud computing and describes the time it takes for all data copies to become identical. Strict consistency ensures that a change has been duplicated among all relevant copies before the transaction is finalized, at the cost of availability and latency. Eventual consistency relaxes this requirement, reducing the number of replicas that must be accessed during read and write operations before the transaction is finalized. When using eventual consistency, data changes eventually reach all data copies through asynchronous propagation via the network.
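The read-your-stale-data effect of eventual consistency can be simulated in a few lines. This is a didactic sketch with invented names, not a real replication protocol; the `propagate` call stands in for asynchronous background replication over the network.

```python
class EventuallyConsistentStore:
    """Writes are acknowledged after reaching one replica;
    the other replicas catch up asynchronously."""

    def __init__(self, n_replicas: int = 3):
        self.replicas = [dict() for _ in range(n_replicas)]
        self._pending = []  # changes queued for the remaining replicas

    def write(self, key, value):
        self.replicas[0][key] = value       # transaction finalized here
        self._pending.append((key, value))  # propagated later

    def read(self, replica_index: int, key):
        return self.replicas[replica_index].get(key)

    def propagate(self):
        """Stand-in for asynchronous replication: apply queued changes."""
        for key, value in self._pending:
            for replica in self.replicas[1:]:
                replica[key] = value
        self._pending.clear()
```

A read routed to a lagging replica returns nothing (or old data) until propagation runs, which is exactly the window eventual consistency accepts in exchange for faster, more available writes.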
Some providers also offer key-value storage that delivers higher availability and performance. This service distributes data across different IT resources and locations and can accommodate more flexible data structures. Archival storage is very long-term data storage that typically uses SAN, optical, or magnetic tape technologies and can be used to meet regulatory or legal data retention requirements.
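How a key-value service spreads data across resources can be sketched with simple hash-based placement. The function and node names below are hypothetical; production systems typically use consistent hashing so that adding a node moves only a fraction of the keys.

```python
import hashlib

def node_for_key(key: str, nodes: list) -> str:
    """Deterministically place a key on one of the storage nodes
    by hashing the key and taking it modulo the node count."""
    digest = hashlib.sha256(key.encode("utf-8")).hexdigest()
    return nodes[int(digest, 16) % len(nodes)]
```

Because placement is a pure function of the key, any front-end can route a request to the right node without a central lookup, which is part of where the availability and performance gains come from.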
Storage capabilities can also be accessed using CSP-provided database services. These PaaS offerings are normally either relational, queried with Structured Query Language (SQL), or nonrelational (NoSQL). SQL relational databases handle data comprising large numbers of similar data elements with specified dependencies among them. When this structured data is queried, users make specific assumptions regarding the data structure and the relationship consistency between the retrieved data elements. Data elements are recorded in tables, with columns representing data element attributes. A table column may also enforce dependencies on how its entries relate to a corresponding column in a different table, and these dependencies are strictly enforced. In NoSQL databases (e.g., Cassandra, MongoDB), there is no enforced database schema. Data manipulation instead often follows a map-reduce pattern: the processing is split up and mapped to multiple application components. As distributed applications are scaled out, data processing is similarly distributed among multiple components. The data processing components simultaneously execute the query on their assigned data chunks, and the processing results are consolidated into a single result data set.
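The map-then-consolidate flow described above can be shown with a classic word-count sketch. This is a single-process illustration with invented function names; a real deployment would run the map phase on many components in parallel.

```python
from collections import Counter
from functools import reduce

def map_phase(chunk: str) -> Counter:
    """Each processing component counts words in its assigned data chunk."""
    return Counter(chunk.split())

def reduce_phase(partial_counts) -> Counter:
    """Partial results from all components are consolidated into one result set."""
    return reduce(lambda a, b: a + b, partial_counts, Counter())

chunks = ["the quick fox", "the lazy dog", "the fox"]
totals = reduce_phase(map_phase(c) for c in chunks)
```

Each chunk is processed independently, so adding components scales the map phase out horizontally; only the final consolidation needs to see all partial results.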
Networking services connect cloud components together to provide elastic infrastructures and platforms. They rely on physical network hardware that has been virtualized into a software-defined network (SDN). Physical components (e.g., network interface cards [NICs], switches, routers) are abstracted into virtualized equivalents that can be managed by CSP customers. Using a self-service interface, customers can design, implement, and configure virtual circuits, firewalls, load balancers, network address translations (NATs), and network cross-connects. They can also isolate groups of virtual components into what are generally referred to as security groups. The security group construct is used to control communications ports, protocols, virtual local area networks (VLANs), and virtual wide area networks. Critical CSP management functions are conducted over three special SDNs, referred to as the management plane, the control plane, and the data/forwarding plane. The management plane is used to provision, configure, and de-provision all cloud resources for external and internal CSP customers. The control plane connects each tenant's provisioned resources to each other in segregated networks, as specified by that tenant. The data or forwarding plane transfers individual tenant data to and from that specific tenant's provisioned virtual compute and storage resources.
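A security group's packet filtering reduces to evaluating a packet against a rule list. The rule fields and function name below are a hypothetical simplification; real security groups also distinguish inbound from outbound rules and support rule references between groups.

```python
from ipaddress import ip_address, ip_network

def packet_allowed(rules, src_ip: str, port: int, protocol: str) -> bool:
    """Default-deny evaluation: the packet passes only if some rule
    matches its protocol, destination port, and source address."""
    return any(
        r["protocol"] == protocol
        and r["port_range"][0] <= port <= r["port_range"][1]
        and ip_address(src_ip) in ip_network(r["cidr"])
        for r in rules
    )
```

A rule allowing TCP 443 from `10.0.0.0/8` admits HTTPS traffic from inside that range and silently drops everything else, including the same traffic from an unlisted source network.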