Concepts and Models
4.1 Roles and Boundaries
4.2 Cloud Characteristics
4.3 Cloud Delivery Models
4.4 Cloud Deployment Models
4.1. Roles and Boundaries
Cloud Provider
Cloud Consumer
Cloud Service Owner
Cloud Resource Administrator
Organizational Boundary
Trust Boundary
Cloud Provider
The organization that provides cloud-based IT resources is the cloud provider.
The cloud provider is further tasked with any required management and administrative duties to ensure the ongoing operation of the overall cloud infrastructure.
Cloud providers normally own the IT resources that are made available for lease by cloud consumers; however, some cloud providers also “resell” IT resources leased from other cloud providers.
Cloud Consumer
A cloud consumer is an organization (or a human) that has a formal contract or arrangement with a cloud provider to use IT resources made available by the cloud provider.
The cloud consumer uses a cloud service consumer to access a cloud service.
Organizations or humans shown remotely accessing cloud-based IT resources are considered cloud consumers.
Figure 4.1 A cloud consumer (Organization A) interacts with a cloud service from a cloud provider
(that owns Cloud A). Within Organization A, the cloud service consumer is being used to
access the cloud service.
Cloud Service Owner
The person or organization that legally owns a cloud service is called a cloud
service owner.
Figure 4.2 A cloud consumer can be a cloud service owner when it deploys its own service in a cloud.
Figure 4.3 A cloud provider becomes a cloud service owner if it deploys its own cloud service,
typically for other cloud consumers to use.
Cloud Resource Administrator
A cloud resource administrator is the person or organization responsible for
administering a cloud-based IT resource (including cloud services).
Figure 4.4 A cloud resource administrator can be with a cloud consumer organization and administer
remotely accessible IT resources that belong to the cloud consumer.
The cloud resource administrator can be (or belong to) the cloud consumer or cloud provider of the cloud within which the cloud service resides.
Figure 4.5 A cloud resource administrator can be with a cloud provider organization for which it can
administer the cloud provider’s internally and externally available IT resources.
Organizational Boundary
An organizational boundary represents the physical perimeter that surrounds a
set of IT resources that are owned and governed by an organization.
Figure 4.6 Organizational boundaries of a cloud consumer (left), and a cloud provider (right),
represented by a broken line notation.
Trust Boundary
A trust boundary is a logical perimeter that typically spans beyond physical boundaries to represent the extent to which IT resources are trusted.
Figure 4.7 An extended trust boundary encompasses the organizational boundaries of the cloud provider
and the cloud consumer.
4.2. Cloud Characteristics
Six specific characteristics are common to the
majority of cloud environments:
on-demand usage
ubiquitous access
multitenancy (and resource pooling)
elasticity
measured usage
resiliency (excluded from the NIST definition)
On-Demand Usage
A cloud consumer can unilaterally access cloud-based IT resources, giving the cloud consumer the freedom to self-provision these IT resources. This is on-demand usage.
Ubiquitous Access
Ubiquitous access represents the ability for a cloud service to be widely
accessible.
Establishing ubiquitous access for a cloud service can require support for a
range of devices, transport protocols, interfaces, and security technologies.
Multitenancy
The characteristic of a software program that enables an instance of the program to serve different consumers (tenants), whereby each is isolated from the other, is referred to as multitenancy.
Measured Usage
The measured usage characteristic represents the ability of a cloud platform to keep track of the usage of its IT resources, primarily by cloud consumers.
The cloud provider can charge a cloud consumer only for the IT resources actually used and/or for the timeframe during which access to the IT resources was granted.
Measured usage is closely related to the on-demand characteristic.
Measured usage is not limited to tracking statistics for billing purposes. It also encompasses the general monitoring of IT resources and related usage reporting.
Resiliency
Resilient computing is a form of failover that distributes redundant implementations of IT resources across physical locations.
Resiliency can refer to redundant IT resources within the same cloud (but in different physical locations) or across multiple clouds.
Figure 4.10 A resilient system in which Cloud B hosts a redundant implementation of Cloud Service A to provide failover in case Cloud Service A on Cloud A becomes unavailable.
4.3. Cloud Delivery Models
A cloud delivery model represents a specific, pre-packaged combination of IT
resources offered by a cloud provider.
Three common cloud delivery models have become widely established and
formalized:
Infrastructure-as-a-Service (IaaS)
Platform-as-a-Service (PaaS)
Software-as-a-Service (SaaS)
Note:
Many specialized variations of the three base cloud delivery models have
emerged, each comprised of a distinct combination of IT resources. Some
examples include:
Storage-as-a-Service
Database-as-a-Service
Security-as-a-Service
Communication-as-a-Service
Integration-as-a-Service
Testing-as-a-Service
Process-as-a-Service
Infrastructure-as-a-Service (IaaS)
The IaaS delivery model represents a self-contained IT environment comprised of infrastructure-centric IT resources that can be accessed and managed via cloud service-based interfaces and tools.
This environment can include hardware, network, connectivity, operating systems, and other “raw” IT resources.
These IT resources are typically virtualized and packaged into bundles that simplify up-front runtime scaling and customization of the infrastructure.
The general purpose of an IaaS environment is to provide cloud consumers with a high level of control and responsibility over its configuration and utilization.
This model is used by cloud consumers that require a high level of control over the cloud-based environment they intend to create.
IaaS environments are generally offered as freshly initialized virtual instances.
A central and primary IT resource within a typical IaaS environment is the
virtual server.
Virtual servers are leased by specifying server hardware requirements, such
as processor capacity, memory, and local storage space.
Infrastructure(hardware)-as-a-Service (IaaS)
Figure 4.11 A cloud consumer is using a virtual server within an IaaS environment. Cloud consumers are
provided with a range of contractual guarantees by the cloud provider, pertaining to characteristics
such as capacity, performance, and availability.
Platform-as-a-Service (PaaS)
The PaaS delivery model represents a pre-defined “ready-to-use” environment typically comprised of already deployed and configured IT resources.
Common reasons a cloud consumer would use and invest in a PaaS environment include:
The cloud consumer wants to extend on-premise environments into the cloud for scalability and economic purposes.
The cloud consumer uses the ready-made environment to entirely substitute an on-premise environment.
The cloud consumer wants to become a cloud provider and deploys its own cloud services to be made available to other external cloud consumers.
By working within a ready-made platform, the cloud consumer is spared the
administrative burden of setting up and maintaining the bare infrastructure IT
resources provided via the IaaS model.
The cloud consumer is granted a lower level of control over the underlying IT
resources that host and provision the platform.
PaaS products are available with different development stacks. For example,
Google App Engine offers a Java and Python-based environment.
Figure 4.12 A cloud consumer is accessing a ready-made PaaS environment. The question mark indicates that the cloud consumer is intentionally shielded from the implementation details of the platform.
Software-as-a-Service (SaaS)
A software program positioned as a shared cloud service and made available
as a “product” or generic utility represents the typical profile of a SaaS
offering.
The SaaS delivery model is typically used to make a reusable cloud service
widely available (often commercially) to a range of cloud consumers.
A cloud consumer is generally granted very limited administrative control over
a SaaS implementation.
Figure 4.13 The cloud service consumer is given access to the cloud service contract, but not to any underlying IT resources or implementation details.
Comparing Cloud Delivery Models
Combining Cloud Delivery Models
IaaS + PaaS
The ready-made environment provided by the PaaS environment can be used by the cloud consumer organization to develop and deploy its own SaaS cloud services that it can then make available as commercial products.