NIST SP 500-292 NIST Cloud Computing Reference Architecture

2. Cloud Computing Reference Architecture: An Overview

2.1 The Conceptual Reference Model
Figure 1 presents an overview of the NIST cloud computing reference architecture, which identifies the
major actors, their activities and functions in cloud computing. The diagram depicts a generic high-level
architecture and is intended to facilitate the understanding of the requirements, uses, characteristics and
standards of cloud computing.

Figure 1: The Conceptual Reference Model

As shown in Figure 1, the NIST cloud computing reference architecture defines five major actors: cloud
consumer, cloud provider, cloud carrier, cloud auditor and cloud broker. Each actor is an entity (a person
or an organization) that participates in a transaction or process and/or performs tasks in cloud computing.
Table 1 briefly lists the actors defined in the NIST cloud computing reference architecture. The general
activities of the actors are discussed in the remainder of this section, while the details of the architectural
elements are discussed in Section 3.
Figure 2 illustrates the interactions among the actors. A cloud consumer may request cloud services from
a cloud provider directly or via a cloud broker. A cloud auditor conducts independent audits and may
contact the others to collect necessary information. The details will be discussed in the following sections
and presented in increasing level of details in successive diagrams.

3
NIST SP 500-292 NIST Cloud Computing Reference Architecture

Actor Definition
Cloud Consumer A person or organization that maintains a business relationship with, and
uses service from, Cloud Providers.
Cloud Provider A person, organization, or entity responsible for making a service
available to interested parties.
Cloud Auditor A party that can conduct independent assessment of cloud services,
information system operations, performance and security of the cloud
implementation.
Cloud Broker An entity that manages the use, performance and delivery of cloud
services, and negotiates relationships between Cloud Providers and
Cloud Consumers.
Cloud Carrier An intermediary that provides connectivity and transport of cloud
services from Cloud Providers to Cloud Consumers.

Table 1: Actors in Cloud Computing

Figure 2: Interactions between the Actors in Cloud Computing

Example Usage Scenario 1: A cloud consumer may request service from a cloud broker instead
of contacting a cloud provider directly. The cloud broker may create a new service by combining
multiple services or by enhancing an existing service. In this example, the actual cloud providers
are invisible to the cloud consumer and the cloud consumer interacts directly with the cloud
broker.

Figure 3: Usage Scenario for Cloud Brokers

4
 NIST SP 500-292 NIST Cloud Computing Reference Architecture

Example Usage Scenario 2: Cloud carriers provide the connectivity and transport of cloud
services from cloud providers to cloud consumers. As illustrated in Figure 4, a cloud provider
participates in and arranges for two unique service level agreements (SLAs), one with a cloud
carrier (e.g. SLA2) and one with a cloud consumer (e.g. SLA1). A cloud provider arranges
service level agreements (SLAs) with a cloud carrier and may request dedicated and encrypted
connections to ensure the cloud services are consumed at a consistent level according to the
contractual obligations with the cloud consumers. In this case, the provider may specify its
requirements on capability, flexibility and functionality in SLA2 in order to provide essential
requirements in SLA1.

Figure 4: Usage Scenario for Cloud Carriers

Example Usage Scenario 3: For a cloud service, a cloud auditor conducts independent
assessments of the operation and security of the cloud service implementation. The audit may
involve interactions with both the Cloud Consumer and the Cloud Provider.

Figure 5: Usage Scenario for Cloud Auditors

2.2 Cloud Consumer

The cloud consumer is the principal stakeholder for the cloud computing service. A cloud consumer
represents a person or organization that maintains a business relationship with, and uses the service from
a cloud provider. A cloud consumer browses the service catalog from a cloud provider, requests the
appropriate service, sets up service contracts with the cloud provider, and uses the service. The cloud
consumer may be billed for the service provisioned, and needs to arrange payments accordingly.
Cloud consumers need SLAs to specify the technical performance requirements fulfilled by a cloud
provider. SLAs can cover terms regarding the quality of service, security, remedies for performance
failures. A cloud provider may also list in the SLAs a set of promises explicitly not made to consumers,
i.e. limitations, and obligations that cloud consumers must accept. A cloud consumer can freely choose a
cloud provider with better pricing and more favorable terms. Typically a cloud provider‟s pricing policy
and SLAs are non-negotiable, unless the customer expects heavy usage and might be able to negotiate for
better contracts. [2].
Depending on the services requested, the activities and usage scenarios can be different among cloud
consumers. Figure 6 presents some example cloud services available to a cloud consumer (For details, see
Appendix B: Examples of Cloud Services) [13].

5
 NIST SP 500-292 NIST Cloud Computing Reference Architecture

Figure 6: Example Services Available to a Cloud Consumer

SaaS applications in the cloud and made accessible via a network to the SaaS consumers. The consumers
of SaaS can be organizations that provide their members with access to software applications, end users
who directly use software applications, or software application administrators who configure applications
for end users. SaaS consumers can be billed based on the number of end users, the time of use, the
network bandwidth consumed, the amount of data stored or duration of stored data.
Cloud consumers of PaaS can employ the tools and execution resources provided by cloud providers to
develop, test, deploy and manage the applications hosted in a cloud environment. PaaS consumers can be
application developers who design and implement application software, application testers who run and
test applications in cloud-based environments, application deployers who publish applications into the
cloud, and application administrators who configure and monitor application performance on a platform.
PaaS consumers can be billed according to, processing, database storage and network resources consumed
by the PaaS application, and the duration of the platform usage.
Consumers of IaaS have access to virtual computers, network-accessible storage, network infrastructure
components, and other fundamental computing resources on which they can deploy and run arbitrary
software. The consumers of IaaS can be system developers, system administrators and IT managers who
are interested in creating, installing, managing and monitoring services for IT infrastructure operations.
IaaS consumers are provisioned with the capabilities to access these computing resources, and are billed
according to the amount or duration of the resources consumed, such as CPU hours used by virtual
computers, volume and duration of data stored, network bandwidth consumed, number of IP addresses
used for certain intervals..