Cloud computing framework (NIST SP 800-145)
Baha Abu-Shaqra, PhD (DTI uOttawa)
Network Engineering (career change)
This post explains cloud computing by elaborating a cloud computing framework based on NIST SP 800-145 – The NIST Definition of Cloud Computing : Recommendations of the National Institute of Standards and Technology.
This post covers topic 1.2 Describe characteristics of network topology architectures: 1.2.f On-premise and cloud (Section 1.0 Network Fundamentals ) of the CCNA exam topics list.
You may also be interested in Automation and programmability .
Before we dive in, I try to make the world a little better. You're invited to read my letter to uOttawa President Jacques Frémont about how to easily implement policy reforms to prevent supervisor bullying of uOttawa students: uOttawa President Jacques Frémont ignores university bullying problem . You may also be interested in How to end supervisor bullying at uOttawa .
Cloud services introduction
Traditional IT infrastructure deployments were some combination of on-premises equipment and colocation, in which the company's own equipment is hosted in a third party's data center. Cloud services provide an alternative that is becoming increasingly popular.
Cloud computing NIST SP 800-145 definition
Here is the NIST’s (SP 800-145) definition of cloud computing:
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.
Five essential characteristics of cloud computing
The five essential characteristics of cloud computing are on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. If a service has some of these five characteristics but not all, it will generally not be considered a true cloud service.
*On-demand self-service
Here is NIST's definition.
A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
The customer uses the service through a web portal or API without directly interacting with the provider. The customer can just log in to the portal and set up some virtual servers on AWS (Amazon Web Services), for example, without talking to anyone at AWS. Because no human approval is in the loop, the credentials used to log in are the control point: whoever holds them can create, change or delete infrastructure, so they deserve multi-factor authentication and least-privilege permissions.
*Broad network access
Here is NIST's definition.
Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
Cloud services are accessible through common network connections, such as the Internet or private WAN links, and can be accessed from a wide range of devices. For instance, you can access the AWS web portal using a PC, smartphone, or any Internet connected device. Similarly, virtual servers provisioned on AWS can be accessed over the Internet or through various WAN options.
*Resource pooling
Here is NIST’s definition.
The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
The service provider provides a pool of resources. When a customer requests a service, such as creating a new virtual machine (VM), the provider dynamically allocates a portion of these shared resources to fulfill the request. For instance, AWS data centers house a massive collection of storage and compute resources that are shared among its customers. When you create a VM on AWS, it is essentially allocated a segment of these shared resources to operate.
*Rapid elasticity
Here is NIST’s definition.
Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
Customers can quickly expand the services they use in the cloud from a pool of resources that appears to be infinite to the customer. In addition, a customer should be able to quickly reduce their use of services when not needed.
*Measured service
Here is NIST’s definition.
Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
The cloud service provider meters the customer's use of cloud resources, and the customer can see the same measurements in the web portal. There should be no surprises about resource usage, and customers are charged based on usage. The same metering is the practical hook for budget alerts, which turn "no surprises" into an enforced control: an unexpected jump in usage is often the first visible sign of a misconfiguration or a compromised account.
Three service models of cloud computing
In cloud computing, everything is delivered as a service. The three service models defined by NIST are software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). They differ in where the line of control, and therefore of security responsibility, falls between provider and customer:
*Software as a Service (SaaS)
As defined by NIST,
The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Microsoft Office 365 is a popular example of SaaS. Google's G Suite (now Google Workspace), which includes Gmail, is another. In SaaS the provider controls everything from the physical data center, through the data-center network, servers, operating systems and all tools running on them, to the applications themselves. The customer just uses the application, for example Excel running on Office 365. What remains with the customer is the user-specific configuration NIST mentions: user accounts, sharing and access settings, and the data put into the service, which is where the customer's security responsibility lies.
*Platform as a Service (PaaS)
As defined by NIST,
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Basically, the service provider offers a platform on which developers build and run applications. AWS Lambda and Google App Engine are two popular examples. In PaaS the provider controls the data centers, the networking and perimeter security, the servers and storage, the operating systems on the servers, and the runtime tools on those operating systems; the customer controls the deployed application code, its dependencies and the application's configuration settings, which is where the customer's security exposure sits.
*Infrastructure as a Service (IaaS)
As defined by NIST,
The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
Provisioning virtual machines on AWS (Amazon EC2) is an example of IaaS; Google Compute Engine is another. IaaS gives the customer the most control of the three models. The provider offers only the underlying infrastructure: the physical data center, the network and its security, and the server and storage hardware. Everything from the guest operating system upward (patching, host firewall rules, installed software and the application) is the customer's to manage and to secure.
Four deployment models of cloud computing
While public cloud providers like AWS are the most prevalent form of cloud computing, there are other options available.
The four deployment models of cloud computing according to NIST SP 800-145 are private cloud, community cloud, public cloud, and hybrid cloud.
*Private cloud
According to NIST,
The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
Private clouds may be on or off premises. Private means used only by a single organization, usually a large enterprise or government body, and the cloud resources may be owned by a third party. For example, AWS provides private cloud services for the U.S. Department of Defense: while the infrastructure is owned by Amazon, it is reserved for use by the DoD.
*Community cloud
According to NIST,
The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
This is the least common cloud deployment. It is similar to private cloud, but the infrastructure is reserved for use by a specific group of organizations.
*Public cloud
According to NIST,
The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
This is the most common cloud deployment model. Popular public cloud providers include AWS, Microsoft Azure, Google Cloud Platform (GCP), Oracle Cloud Infrastructure (OCI), IBM Cloud and Alibaba Cloud, although AWS has been the dominant number one for a long time.
*Hybrid cloud
According to NIST,
The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Rather than a distinct type of cloud, this model combines elements of the preceding three deployment models. For instance, a private cloud can draw on the resources of a public cloud during periods of high demand to overcome its own capacity limits (the cloud bursting NIST mentions), releasing the public resources again when demand falls.
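The three mechanisms described above, rapid elasticity (scaling out and back in with demand), measured service (metered usage that the customer can reconcile against the bill), and hybrid-cloud bursting (private capacity first, public capacity for the overflow), fit together in one small model. The following is an added example written for this post, not code from NIST SP 800-145 or from any cloud provider; the pool sizes, the per-vCPU-hour prices and the demand curve are constructed sample values, and the public pool's "capacity" is the consumer's own burst limit, standing in for a spend guardrail on capacity that otherwise appears unlimited.

```python
# Added example (not from NIST SP 800-145 or any provider): a small capacity
# model of rapid elasticity, measured service and hybrid-cloud bursting.
# All pool sizes, prices and the demand curve are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class Pool:
    """A pool of vCPUs (resource pooling). Prices are assumed, not real rates."""
    name: str
    capacity: int              # vCPUs the consumer may allocate from this pool
    price_per_vcpu_hour: float
    allocated: int = 0


@dataclass
class Meter:
    """Measured service: each hour's allocation is recorded per pool, so the
    bill can be reconstructed (and checked) from the usage records."""
    records: list = field(default_factory=list)   # (hour, pool name, vcpus, cost)

    def record(self, hour: int, pool: Pool, vcpus: int) -> None:
        if vcpus:
            self.records.append((hour, pool.name, vcpus, vcpus * pool.price_per_vcpu_hour))

    def bill(self) -> dict:
        """Total cost per pool, rounded to cents."""
        totals: dict = {}
        for _, name, _, cost in self.records:
            totals[name] = totals.get(name, 0.0) + cost
        return {name: round(cost, 2) for name, cost in totals.items()}


class HybridScaler:
    """Cloud bursting: fill the private pool first, burst the remainder to the
    public pool, and release in reverse order when demand falls (elasticity).
    The public pool's capacity is the consumer's own burst limit: public
    capacity looks unlimited to the consumer, so the limit is a spend guardrail."""

    def __init__(self, private: Pool, public: Pool, headroom: int = 2):
        self.private = private
        self.public = public
        self.headroom = headroom       # spare vCPUs kept above current demand

    def reconcile(self, hour: int, demand_vcpus: int, meter: Meter) -> tuple:
        target = demand_vcpus + self.headroom
        private_share = min(target, self.private.capacity)
        public_share = target - private_share
        if public_share > self.public.capacity:
            raise RuntimeError(
                f"hour {hour}: need {public_share} burst vCPUs, limit is {self.public.capacity}")
        self.private.allocated = private_share     # scale out, or in, to the target
        self.public.allocated = public_share
        meter.record(hour, self.private, private_share)
        meter.record(hour, self.public, public_share)
        return private_share, public_share


def simulate(demand: list, burst_limit: int = 200) -> tuple:
    """Run a demand curve (vCPUs needed per hour) through the scaler.
    Returns (per-hour (private, public) allocations, bill per pool)."""
    private = Pool("private", capacity=16, price_per_vcpu_hour=0.02)      # assumed
    public = Pool("public", capacity=burst_limit, price_per_vcpu_hour=0.05)  # assumed
    meter = Meter()
    scaler = HybridScaler(private, public)
    allocations = [scaler.reconcile(hour, d, meter) for hour, d in enumerate(demand)]
    return allocations, meter.bill()


if __name__ == "__main__":
    # Constructed demand curve: a spike past private capacity, then a drop.
    allocs, bill = simulate([4, 10, 30, 60, 20, 8])
    for hour, (priv, pub) in enumerate(allocs):
        print(f"hour {hour}: private={priv:2d} public={pub:2d}")
    print("bill:", bill)
```

With the sample curve the private pool fills at hour 2, the overflow bursts to the public pool (16 then 46 vCPUs), and both shrink again as demand drops; the bill is reproducible from the meter's records, which is the "no surprises" property of measured service. A demand that would push the burst beyond the consumer's limit raises instead of silently spending.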
Benefits of cloud computing
>Cost: The cloud eliminates the upfront capital expenses (CapEx) associated with purchasing hardware and software, establishing data centers, and other infrastructure costs. Instead, cloud computing converts these costs into ongoing operational expenses (OpEx), resulting in a shift from large, one-time expenses to smaller, recurring payments. For many businesses, this transition to OpEx leads to overall cost savings, though the specific impact varies depending on individual circumstances.
>Global scale: Cloud computing offers rapid scaling across the world. Services can be deployed quickly in a region geographically close to the users they serve. For instance, when creating a virtual server on Amazon Web Services (AWS), you can select the region (and country) in which it runs, which reduces latency for users in that area.
>Speed/agility: Cloud services offer speed and agility. Services are provided on demand and vast amounts of resources can be provisioned within minutes.
>Productivity: Cloud services streamline operations by removing time-consuming tasks such as procuring, racking, cabling and maintaining physical servers. With PaaS and SaaS the provider also manages and patches the operating systems, further reducing IT overhead; with IaaS, as the NIST definition above states, the operating system remains the customer's responsibility.
>Reliability: Cloud storage makes it easy to keep backups replicated across multiple geographical locations for disaster recovery, so that if one site fails the data remains accessible from another and the business continues. Two caveats: cross-region replication is usually something the customer has to enable and verify rather than a default, and every replica is another copy of the data that needs the same access controls as the original.
Connecting enterprise network to public cloud resources
There are multiple ways a company can connect to their resources on a public cloud. For example,