1.4. NIST Cloud Computing Reference Model
Topics Covered
G.Pradeep, AP/CSE 2
Cloud Conceptual Reference Model
⚫ Cloud high-level architecture
⚫ Five major actors with their roles, responsibilities, activities and functions in cloud computing.
⚫ Understanding of the requirements, uses, characteristics and standards of cloud computing.
1. Cloud Consumer
2. Cloud Provider
3. Cloud Broker
4. Cloud Auditor
5. Cloud Carrier
Actors in Cloud Computing
⚫ Cloud Consumer: A person or organization that maintains a business relationship with, and uses services from, Cloud Providers.
⚫ Cloud Provider: A person, organization, or entity responsible for making a service available to interested parties.
⚫ Cloud Auditor: A party that can conduct independent assessment of cloud services, information system operations, performance and security of the cloud implementation.
⚫ Cloud Broker: An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers.
⚫ Cloud Carrier: An intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers.
Scenarios in Cloud: 1
1. Cloud consumer interacts with the cloud
broker instead of contacting a cloud
provider directly.
2. The cloud broker may create a new
service (mash up) by combining multiple
services or by enhancing an existing
service.
3. Actual cloud providers are invisible to
the cloud consumer.
Scenarios in Cloud: 2
1. Cloud carriers provide the connectivity and transport of cloud services from cloud providers to cloud consumers.
2. The cloud provider participates in and arranges for two distinct service level agreements (SLAs), one with a cloud carrier (e.g. SLA2) and one with a cloud consumer (e.g. SLA1).
3. A cloud provider may request the cloud carrier to provide dedicated and encrypted connections to ensure that the cloud services meet their SLAs.
Scenarios in Cloud: 3
1. Cloud auditor conducts independent
assessments for the operation and
security of the cloud service.
2. The audit may involve interactions
with both the Cloud Consumer and
the Cloud Provider.
Cloud Consumer
• The cloud consumer browses and uses the service.
• The cloud consumer sets up contracts with the cloud provider.
• A cloud provider lists SLAs that limit and obligate the cloud consumer, who must accept them to use the service.
• A cloud consumer can freely choose a cloud provider with better pricing and more favorable conditions.
Cloud Provider
• The Cloud Provider acquires and manages the computing infrastructure required for providing the services, runs the cloud software that provides the services, and makes arrangements to deliver the cloud services to Cloud Consumers through network access.
• A SaaS provider deploys, configures, maintains and updates the operation of the software applications on a cloud infrastructure. The SaaS provider maintains the expected service levels to cloud consumers.
• A PaaS provider manages the computing infrastructure for the platform and its components (runtime software execution stack, databases, and other middleware).
• An IaaS provider provides the physical hardware and cloud software that make the provisioning of infrastructure services possible, for example the physical servers, network equipment, storage devices, host OS and hypervisors for virtualization.
Cloud Provider
Five major activities of a Cloud Provider
• Service deployment
• Service orchestration
• Cloud service management
• Security
• Privacy
Cloud Auditor
• Audits are performed to verify conformance to standards.
• The auditor evaluates the security controls, privacy impact, performance, etc.
• Auditing is especially important for federal agencies.
• A security audit assesses the security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome. This is done by verifying compliance with regulation and security policy.
• A privacy audit helps Federal agencies comply with applicable privacy laws and regulations governing an individual's privacy, and ensures the confidentiality, integrity, and availability of an individual's personal information at every stage of development and operation.
Cloud Broker
• Integration of cloud services can be complex for consumers. Hence a cloud broker is needed.
• The broker manages the use, performance and delivery of cloud services and negotiates relationships between cloud providers and cloud consumers.
• In general, a cloud broker can provide services in three categories:
• Service Intermediation: The broker enhances a service by improving a capability and providing value-added services to consumers. The improvement can be managing access to cloud services, identity management, performance reporting, enhanced security, etc.
• Service Aggregation: The broker combines and integrates multiple services into one or more new services. The broker provides data integration and ensures secure data movement.
• Service Arbitrage: Similar to service aggregation, but with the flexibility to choose services from multiple agencies. For example, the broker can select the service with the best response time.
Cloud Carrier
• Cloud carriers provide access to consumers through network,
telecommunication and other access devices.
• For example, cloud consumers can obtain cloud services through
network access devices, such as computers, laptops, mobile phones,
mobile internet devices (MIDs), etc.
• The distribution of cloud services is normally provided by network
and telecommunication carriers or a transport agent, where a
transport agent refers to a business organization that provides
physical transport of storage media such as high-capacity hard
drives.
• Cloud provider can set up SLAs with a cloud carrier to provide
services consistent with the level of SLAs offered to cloud
consumers.
Scope of Control between Provider
and Consumer
• The application layer is used by SaaS consumers, and installed/managed/maintained by PaaS consumers, IaaS consumers, and SaaS providers.
• Middleware is used by PaaS consumers, and installed/managed/maintained by IaaS consumers or PaaS providers. Middleware is hidden from SaaS consumers.
• The IaaS layer is hidden from SaaS consumers and PaaS consumers.
• Consumers have the freedom to choose the OS to be hosted.
Cloud Computing Reference Architecture
• Service Deployment
• Service Orchestration
• Cloud Service Management
• Business Support
• Provisioning and Configuration
• Portability and Interoperability
• Security
• Cloud Service Model Perspectives
• Implications of Cloud Deployment Models
• Shared Security Responsibilities
• Privacy
Service Deployment
• As identified in the NIST cloud computing definition, a cloud infrastructure may be operated in one of the following deployment models: public cloud, private cloud, community cloud, or hybrid cloud.
• The differences are based on how exclusively the computing resources are made available to a Cloud Consumer.
• A public cloud is one in which the cloud infrastructure and computing resources are made available to the general public over a public network.
• A public cloud is owned by an organization selling cloud services, and serves a diverse pool of clients.
• A private cloud gives a single Cloud Consumer's organization exclusive access to and usage of the infrastructure and computational resources. It may be managed either by the Cloud Consumer organization or by a third party, and may be hosted on the organization's premises (i.e. on-site private clouds) or outsourced to a hosting company (i.e. outsourced private clouds).
Service Deployment (figures: Public Cloud, Hybrid Cloud)
Service Orchestration
• Service Orchestration refers to the composition of system components to support the Cloud Provider's activities in the arrangement, coordination and management of computing resources in order to provide cloud services to Cloud Consumers.
• A three-layered model is used in this representation, grouping the three types of system components Cloud Providers need to compose to deliver their services.
• The top layer is the service layer, where Cloud Providers define the interfaces through which Cloud Consumers access the computing services.
• The middle layer is the resource abstraction and control layer. This layer contains the system components that Cloud Providers use to provide and manage access to the physical computing resources through software abstraction.
• The lowest layer in the stack is the physical resource layer, which includes all the physical computing resources. This layer includes hardware resources such as computers (CPU and memory), networks (routers, firewalls, switches, network links and interfaces), storage components (hard disks) and other physical computing infrastructure elements.
Service Orchestration (figure)
Portability and Interoperability (figure)
Security
• It is critical to recognize that security is a cross-cutting aspect of the architecture that spans all layers of the reference model, ranging from physical security to application security.
• Therefore, security concerns in a cloud computing architecture are not solely under the purview of the Cloud Provider, but also of Cloud Consumers and other relevant actors.
• Cloud-based systems still need to address security requirements such as authentication, authorization, availability, confidentiality, identity management, integrity, audit, security monitoring, incident response, and security policy management.
• While these security requirements are not new, cloud-specific perspectives help in discussing, analyzing and implementing security in a cloud system.
Privacy
• Cloud providers should protect the assured, proper, and consistent collection, processing, communication, use and disposition of personal information (PI) and personally identifiable information (PII) in the cloud.
• According to the Federal CIO Council, one of the Federal government's key business imperatives is to ensure the privacy of the collected personally identifiable information.
• PII is information that can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc., either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc.
• Though cloud computing provides a flexible solution for shared resources, software and information, it also poses additional privacy challenges to consumers using the clouds.
Summary
▪ Cloud Computing Reference Model
– Cloud Consumer
– Cloud Provider
– Cloud Broker
– Cloud Auditor
– Cloud Carrier
▪ Scope of Control between Provider and Consumer