The NIST Cloud Computing Reference Architecture and Taxonomy was designed to accurately communicate the components and offerings of cloud computing. The guiding principles used to create the reference architecture were:
- Develop a vendor-neutral architecture that is consistent with the NIST definition
- Develop a solution that does not stifle innovation by defining a prescribed technical solution
Actors in Cloud Computing
The NIST cloud computing reference architecture defines five major actors. Each actor is an entity (a person or an organization) that participates in a transaction or process and/or performs tasks in cloud computing. The five actors are:
- Cloud user/cloud customer: A user is accessing either paid-for or free cloud services and resources within a cloud. These users are generally granted system administrator privileges to the instances they start (and only those instances, as opposed to the host itself or other components).
- Cloud provider: A company that provides a cloud-based platform, infrastructure, application, or storage services to other organizations and/or individuals, usually for a fee (otherwise known to clients as “as a service”).
- Cloud auditor: A party that can conduct independent assessments of cloud services, information system operations, performance, and security of the cloud implementation.
- Cloud carrier: An intermediary that provides connectivity and transport of cloud services between cloud consumers and cloud providers.
- Cloud services broker (CSB): The CSB is typically a third-party entity or company that looks to extend value to multiple customers of cloud-based services through relationships with multiple cloud service providers. It acts as a liaison between cloud services customers and cloud service providers, selecting the best provider for each customer and monitoring the services. A CSB provides:
- Service intermediation: A CSB enhances a given service by improving some specific capability and providing value-added services to cloud consumers. The improvement can be managing access to cloud services, identity management, performance reporting, enhanced security, etc.
- Service aggregation: A CSB combines and integrates multiple services into one or more new services. The broker provides data integration and ensures the secure data movement between the cloud consumer and multiple cloud providers.
- Service arbitrage: Service arbitrage is similar to service aggregation except that the services being aggregated are not fixed. Service arbitrage means a broker has the flexibility to choose services from multiple agencies. The cloud broker, for example, can use a credit-scoring service to measure and select an agency with the best score.
Cloud Service Models
NIST defines three cloud computing service models: software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Often referred to as the SPI model, these acronyms have become synonymous with cloud computing when discussing cloud service models.
Infrastructure as a Service (IaaS)
Infrastructure as a service (IaaS) is a model where the customer can provision equipment as a service to support operations, including storage, hardware, servers, and relevant networking components. While the consumer has use of the related equipment, the cloud service provider retains ownership, and is ultimately responsible for hosting, running, and maintaining the infrastructure. IaaS is also referred to as hardware as a service by some customers and providers.
IaaS has multiple key benefits for organizations, which include, but are not limited to:
- Usage metered and priced on the basis of units (or instances) consumed, allowing it to be billed back to specific departments or functions
- Ability to scale infrastructure services up and down based on usage, which is particularly useful and beneficial where there are significant spikes and dips in usage within the infrastructure
- Reduced cost of ownership, meaning no need to buy assets for everyday use, no loss of asset value over time, and reduction of other related costs of maintenance and support
- Reduced energy and cooling costs, plus a “green IT” environmental effect, with optimum use of IT resources and systems
Platform as a Service (PaaS)
Platform as a service (PaaS) is a way for customers to rent virtualized servers and associated services for running existing applications or developing and testing new ones.
- PaaS has several key benefits for developers, which include, but are not limited to:
- Operating systems can be changed and upgraded frequently
- Where development teams are scattered globally, or across various geographic locations, the ability to work together on software development projects within the same environment can be extremely beneficial
- Services are available and can be obtained from diverse sources that cross international boundaries
- Upfront and recurring or ongoing costs can be significantly reduced by utilizing a single vendor, rather than maintaining multiple hardware facilities and environments
Software as a Service (SaaS)
Software as a service (SaaS) is a distributed model where software applications are hosted by a vendor or cloud service provider and made available to customers over network resources. SaaS is currently the most widely used and adopted form of cloud computing, with users most often simply needing an internet connection and credentials to have full use of the cloud service, application, and data housed.
Within SaaS, there are two delivery models currently used. First is hosted application management (hosted AM), where a cloud provider hosts commercially available software for customers and delivers it over the web (internet). Second is software on demand, where a cloud provider provides customers with network-based access to a single copy of an application created specifically for SaaS distribution (typically within the same network segment). Within either delivery model, SaaS can be implemented with a custom application, or the customer may acquire a vendor-specific application that can be tailored to the customer.
SaaS has several key benefits for organizations, which include, but are not limited to:
- Ease of use and limited/minimal administration
- Automatic updates and patch management; always running the latest version and most up-to-date deployment (no manual updates required)
- Standardization and compatibility (all users have the same version of software)
- Global accessibility
Cloud Deployment Models
. The selection of a cloud deployment model will depend on any number of factors and may well be heavily influenced by your organization’s risk appetite, cost, compliance, regulatory requirements, legal obligations, and other internal business decisions and strategy.
A private cloud service refers to a proprietary network, or data center, owned and architected for use by a specific entity, utilizing cloud technologies to provide services behind a firewall. A private cloud is typically managed by the organization it serves, however, a recent increase in outsourcing the general management of this to trusted third parties has been noted. A private cloud is typically only available to the entity or organization, its employees, contractors, and selected third parties.
The private cloud is also sometimes referred to as the “internal” or “organizational” cloud. Key drivers or benefits of private cloud typically include:
- Increased control over data, underlying systems, and applications
- Ownership and retention of governance controls
- Assurance over data location
Private clouds are typically more popular among large, complex organizations with legacy systems and heavily customized environments. Additionally, where a significant technology investment has been made, it may be more financially viable to utilize and incorporate these investments within a private cloud environment than to discard or retire such devices.
A public cloud is the service available to the general public over the internet, in which a customer can access cloud service provider resources, such as applications and storage, on demand, either in the form of a free service or offered on a pay-per-usage model. Key drivers or benefits of public cloud typically include:
- Easy and inexpensive setup because hardware, application, and bandwidth costs are covered by the provider
- Streamlined provisioning of resources
- Scalability to meet customer needs
- No wasted resources (pay per usage)
Given the increasing demand for public cloud services, many providers are now offering and remodeling their services as public cloud offerings. Significant and notable providers in the public cloud space include Amazon, Microsoft, Salesforce, and Google Apps, among others.
“Virtual private cloud” is not a NIST deployment model, but a description of a public cloud option where a segment of a public CCSP infrastructure is segregated from the broader cloud environment for the exclusive use of a single customer. This on-demand service gives the customer a configurable pool of shared computing resources and provides a certain level of isolation from the provider’s other customers. Isolation is normally achieved through allocation of private network IP subnets, a virtual local area network (VLAN), or sets of independent encrypted communication channels. Access to a customer’s VPC is provided using CSP-dictated remote access procedures.
Community clouds offer a valuable and cost-effective manner for specified groups or entities with a similar focus, or with common compliance and requirements, to operate in a multitenant infrastructure. Community clouds can be on-premises or off-site and should give the benefits of a public cloud deployment, while providing heightened levels of privacy, security, and regulatory compliance.
A hybrid cloud is built by combining multiple forms of cloud computing deployment models, typically public and private cloud. Hybrid cloud computing is gaining in popularity, as it provides organizations the ability to retain control of their IT environments, offers the convenience of allowing organizations to use public cloud service to fulfil non mission-critical workloads, and takes advantage of flexibility, scalability, and cost savings. Key drivers of benefits of hybrid cloud deployments include:
- Retain ownership and oversight of critical tasks and processes related to technology
- Reuse previous investments in technology within the organization
- Control over most critical business components and systems
- Cost-effective means of fulfilling noncritical business functions (utilizing public cloud components);
- “Cloud bursting” (when your private cloud workload maximum is reached, utilizes public cloud resources to help support) and disaster recovery can be enhanced by hybrid cloud deployments
While numerous benefits are realized with hybrid cloud deployments and cloud models, these can often be time consuming and laborious at the start, as most companies and entities encounter integration and migration issues at the outset.