
Cloud Computing

Concepts, Technology and Architecture


• Introduction to Networking
• Data communication, Cloud Computing, Origin of Cloud Computing
• Basic Concepts and Terminology
• Goals and Benefits
• Risks and Challenges
• Roles and Boundaries
• Cloud Characteristics
• Cloud Delivery Models
• Cloud Deployment Models

Businesses needed a solution that would successfully address the following three problems:
• How to avoid duplication of equipment and resources
• How to communicate efficiently
• How to set up and manage a network

Rick Graziani graziani@cabrillo.edu


A network is a set of devices (often referred to as nodes) connected by communication links. A node can be a computer, printer, or any other device capable of sending and/or receiving data generated by other nodes on the network.

• A network connects computers, mobile phones, peripherals, and even IoT (Internet of Things) devices.
• Switches, routers, and wireless access points are the essential networking basics.
• Through them, devices connected to your network can communicate with one another and with other networks, like the Internet.

Switch
• A switch acts as a controller, connecting computers, printers, and servers to a network in a building or a campus.

Router
• Routers connect multiple networks together.
• They also connect computers on those networks to the Internet.
• Routers enable all networked computers to share a single Internet connection, which saves money.

Access Point
• An access point allows devices to connect to the wireless network without cables.
• An access point acts like an amplifier for your network.
• While a router provides the bandwidth, an access point extends that bandwidth
Network coverage

Network topologies

Network architecture
• WAN (Wide Area Network): 100 km, 1000 km (country, continent)
• MAN (Metropolitan Area Network): 10 km (city)
• LAN (Local Area Network): 10 m, 100, 1 km (room, building, campus)
• Local Area Networks:
  - Used for small networks (school, home, office)
  - Examples and configurations:
    - Wireless LAN or Switched LAN
    - ATM LAN, Frame Ethernet LAN
    - Peer-2-Peer: connecting several computers together (<10)
    - Client/Server: the server shares its resources between different clients
• Metropolitan Area Network
  - Backbone network connecting all LANs
  - Can cover a city or the entire country
• Wide Area Network
  - Typically between cities and countries
  - Technology: Circuit Switch, Packet Switch, Frame Relay, ATM
  - Examples: Internet P2P: networks with the same network software can be connected together (Napster)

• Configuration or physical arrangement in which devices are connected together
• BUS networks: a single central cable connects a number of devices
  - Easy and cheap
  - Popular for LANs
• RING networks: a number of computers are connected on a closed loop
  - Covers large distances
  - Primarily used for LANs and WANs
• STAR networks: connecting all devices to a central unit
  - All computers are connected to a central device called a hub
  - All data must pass through the hub
• Basic types:
  - Centralized – using mainframes
  - Peer-2-Peer:
    - Each computer (peer) has equal responsibilities and capacities, sharing hardware and data with the other computers on the peer-to-peer network
    - Good for small businesses and home networks
    - Simple and inexpensive
  - Client/Server:
    - All clients must request service from the server
    - The server is also called a host
    - Different servers perform different tasks: file server, network server, etc.

The term telecommunication means communication at a distance. The word data refers to information presented in whatever form is agreed upon by the parties creating and using the data. Data communications are the exchange of data between two devices via some form of transmission medium such as a wire cable.
1. Message
2. Sender
3. Receiver
4. Medium
5. Protocol

Simplex

Half Duplex

Full Duplex

• Voice mail: similar to an answering machine, but digitized
• Fax: sending a hardcopy of text or photographs between computers using a fax modem
• Email: electronic mail – sending text, files, images between different computer networks
  - Must have email software
  - More than 1.3 billion people send 244 billion messages monthly!
• Chat rooms: allow communication in real time when connected to the Internet
• Telephony: talking to other people over the Internet (also called VoIP)
  - Sends digitized audio signals over the Internet
  - Requires Internet telephone software
• Groupware: software application allowing a group of people to communicate with each other (exchange data)
  - Address book, appointment book, schedules, etc.
• GPS: consists of receivers connected to satellite systems
  - Determining the geographical location of the receiver
  - Used for cars, advertising, hiking, tracking, etc.
• Network protocols comprise mechanisms for devices to recognize and make connections with each other, as well as formatting rules that specify how data is packed into messages sent and received.
• Examples of applications (Layer 7) that take advantage of the transport (Layer 4) services of TCP and UDP:
  - Hypertext Transfer Protocol (HTTP): A client/server application that uses TCP for transport to retrieve HTML pages.
  - Domain Name Service (DNS): A name-to-address translation application that uses both TCP and UDP transport.
  - Telnet: A virtual terminal application that uses TCP for transport.
  - File Transfer Protocol (FTP): A file transfer application that uses TCP for transport.
  - Trivial File Transfer Protocol (TFTP): A file transfer application that uses UDP for transport.
  - Network Time Protocol (NTP): An application that synchronizes time with a time source and uses UDP for transport.
  - Border Gateway Protocol (BGP): An exterior gateway routing protocol that uses TCP for transport. BGP is used to exchange routing information for the Internet and is the protocol used between service providers.
• A channel is a path between two communication devices
• Channel capacity: how much data can be passed through the channel (bit/sec)
  - Also called channel bandwidth
  - The smaller the pipe, the slower the data transfer!
• Consists of one or more transmission media
  - Materials carrying the signal
  - Two types:
    - Physical: wire cable
    - Wireless: air
• A tangible medium
  - Examples: twisted-pair cable, coaxial cable, fiber optics, etc.
• Twisted-pair cable:
  - One or more twisted wires bundled together (why?)
  - Made of copper
• Coax cable:
  - Consists of a single copper wire surrounded by three layers of insulating and metal materials
  - Typically used for cable TV
• Fiber optics:
  - Strands of glass or plastic used to transmit light
  - Very high capacity, low noise, small size, less susceptible to natural disturbances
• Broadcast Radio
  - Distributes signals through the air over long distances
  - Uses an antenna
  - Typically for stationary locations
  - Can be short range
• Cellular Radio
  - A form of broadcast radio used for mobile communication
  - High-frequency radio waves to transmit voice or data
  - Utilizes frequency reuse
Introduction to Computer Networks

E-mail
Searchable Data (Web Sites)
E-Commerce
News Groups
Internet Telephony (VoIP)
Video Conferencing
Chat Groups
Instant Messengers
Internet Radio
A Brief History of Cloud Computing
• The term “cloud computing” is coined by University of Texas professor Ramnath Chellappa in a talk on a “new computing paradigm.” However, the term may actually have been used a year earlier at Compaq.
• Amazon created Amazon Web Services (AWS), providing an advanced system of cloud services from storage to computation.
• Amazon introduced the Elastic Compute Cloud (EC2) as a commercial web service. EC2 let small companies rent computers on which they could run their own computer applications.
• Google and Microsoft entered the playing field. The Google App Engine brought low-cost computing and storage services, and Microsoft followed suit with Windows Azure. (2009)
[Figure: Cloud Computing, Grid Computing, Parallel computing, Distributed computing]
• Distributed computing also refers to the use of distributed systems to solve computational problems. In distributed computing, a problem is divided into many tasks, each of which is solved by one or more computers, which communicate with each other via message passing.
• In parallel computing, a computational task is typically broken down into several, often many, very similar subtasks that can be processed independently and whose results are combined afterwards, upon completion. In
• Distributed computing deals with additional capabilities that may include consistency, availability and partition tolerance. These deal with the properties of a distributed system in the event of different kinds of failures.
• Systems like Hadoop or Spark are distributed computing systems that have capabilities for handling node and network failures. However, both systems are also designed to perform parallel computing.
• Grid computing is the collection of computer resources from multiple locations to reach a common goal.
• Grids are a form of distributed computing whereby a "super virtual computer" is composed of many networked, loosely coupled computers acting together to perform large tasks.
• For certain applications, distributed or grid computing can be seen as a special type of parallel computing that relies on complete computers connected to a computer network (private or public) by a conventional network interface, such as Ethernet.
• According to the official NIST (National Institute of Standards and Technology) definition, “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Cloud computing emerged from a combination of business drivers and technology innovations.

Business drivers:
• Capacity Planning
• Cost Reduction and Operating Overhead
• Organizational Agility

Technology Innovations:
• Grid Computing Technology
• Clustering Technology
• Virtualization Technology
Capacity planning is an unavoidable responsibility for most IT enterprises, requiring that future demands on IT infrastructure be planned for and accommodated.

Capacity planning can be very challenging because it can require estimating usage load fluctuations.

There is a constant need to balance peak usage requirements without unnecessarily over-spending on IT infrastructure.

To accommodate maximum usage loads may require too high of an investment. To moderate the investment may result in lost transactions and other usage limitations due to lower usage thresholds.

Different capacity planning strategies exist:
• Lead Strategy – adding capacity to an IT resource in anticipation of demand
• Lag Strategy – adding capacity when the IT resource reaches its full capacity
• Match Strategy – adding IT resource capacity in small increments, as demand increases
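The trade-off between the three strategies, as an added example that is not part of the original slides: a small simulation over a constructed demand series that counts lost demand and idle capacity for each strategy. The demand figures, step sizes and trigger thresholds are assumptions chosen for illustration.

```python
"""Lead, lag and match capacity planning on a constructed demand series."""
from dataclasses import dataclass

# Constructed sample: demand per period (e.g. requests/s), with a spike.
DEMAND = [40, 45, 50, 70, 95, 120, 110, 90, 100, 130]

# Assumed parameters: (step size, utilisation % of the last period that triggers growth)
STRATEGIES = {
    "lead":  (50, 70),    # big steps, added early, in anticipation of demand
    "lag":   (50, 100),   # big steps, added only once full capacity was reached
    "match": (10, 90),    # small increments that follow demand as it increases
}


@dataclass
class Outcome:
    capacity: list   # capacity in effect in each period
    unmet: int       # demand that could not be served (lost transactions)
    idle: int        # capacity paid for but unused (over-spending)


def simulate(demand, step, trigger_pct, start=50):
    """Grow capacity from the previous period's load; capacity never shrinks here."""
    cap, prev = start, None
    capacity, unmet, idle = [], 0, 0
    for d in demand:
        # Integer comparison (load% >= trigger%) avoids floating-point drift.
        while prev is not None and prev * 100 >= cap * trigger_pct:
            cap += step
        capacity.append(cap)
        unmet += max(0, d - cap)
        idle += max(0, cap - d)
        prev = d
    return Outcome(capacity, unmet, idle)


def compare(demand=DEMAND):
    """Run every strategy over the same demand series."""
    return {name: simulate(demand, step, pct)
            for name, (step, pct) in STRATEGIES.items()}


if __name__ == "__main__":
    for name, o in compare().items():
        print(f"{name:5} unmet={o.unmet:3} idle={o.idle:3} capacity={o.capacity}")
```

On this series the lead strategy loses no demand but carries the most idle capacity, while the lag and match strategies spend less and drop demand during the spike.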
Two costs need to be accounted for:
• the cost of acquiring new infrastructure
• the cost of its ongoing ownership (TCO)

Common forms of infrastructure-related operating overhead include the following:
• technical personnel required to keep the environment operational
• upgrades and patches that introduce additional testing and deployment cycles
• utility bills and capital expense investments for power and cooling
• security and access control measures that need to be maintained and enforced to protect infrastructure resources
• administrative and accounts staff that may be required to keep track of licenses and support arrangements
Organizational agility represents the responsiveness of an organization in the face of business change.

“ … so even elephants can walk on a tightrope”


Grid computing emerged in the 90’s to introduce the concept of “computing as a networked utility”.

A computing grid provides a platform in which computing resources are organized into one or more logical pools.

With a grid you could plug into a pool of shared computing power the same way you would plug an appliance into a shared power grid.

This concept led to the notion of “pay-as-you-go” computing and further formed the basis of “elasticity” – both of which established fundamental characteristics of a cloud.
Because Web applications were commonly made available to a wide public, they often became demand-driven and tended to be “spiky” in their usage loads.

The back-end technology architectures that evolved in support of Web-based applications therefore introduced the need for:
• Load balancing
• Server farms
• Clustered servers
• Clustered databases
Virtualization is an established technology that has enabled hardware owners to repeatedly leverage physical servers for wide, concurrent usage.

Virtualization further helped realize the notion of “server elasticity” by allowing one physical server to host a variable number of “virtual” servers.

Virtualization is a key technology in modern cloud computing.
Basic Concepts and Terminology
Before we can discuss the details of cloud computing, we need to first establish some fundamental terms and concepts:

• IT Resource
• Virtualization
• Scaling
• Cloud
• On-Premise
• Service
• Cloud Service
• Service Agent
An IT resource is a physical or virtual IT-related artifact (software or hardware).

The following are common types of IT resources:
• physical server
• software program
• storage device
• virtual server
• service
• network device
Virtualization allows physical IT resources to provide multiple virtual images of themselves so that their underlying processing capabilities can be shared individually by multiple consumers.

The owner of the physical IT resource maintains centralized administrative control and intentionally hides implementation details from consumers of the virtual IT resources.

This abstraction of the physical IT resource allows consumers to use the provided virtual IT resources without any required knowledge of how the underlying physical IT resource exists or operates.

As consumer usage demands fluctuate, the owner of the physical IT resource can scale it accordingly.

For example, a physical computer will often contain a single installation of an operating system that can be used by a single consumer.

Through virtualization, the same computer can provide multiple images of the same operating system installation that can be independently used by multiple consumers.

The owner of the physical computer can retain administrative control of the computer hardware and the base operating system environment.

Consumers of the virtual operating system images can independently configure and control their respective virtual environments, but are not given access to (nor require access to) the underlying physical environment.
Virtualization is an established area of technology that emerged long before cloud computing.

Within cloud environments, virtualization technology is primarily utilized to replicate multiple virtual images of the same physical server for remote access by consumers.

A virtual server is a form of virtualization software that emulates a physical computer (a physical server).

Each physical server can host multiple virtual servers.

To a cloud consumer, a virtual server appears as an independent physical server.
Scaling, from an IT resource perspective, represents the ability of the IT resource to gracefully handle increased or decreased usage demands.

The following are scaling-related terms used in these courses:
• horizontal scaling
  - scale out
  - scale in
• vertical scaling
  - scale up
  - scale down

Horizontal scaling refers to the allocation or releasing of resources of the same type. The horizontal allocation of resources is referred to as scaling out and the horizontal releasing of resources is referred to as scaling in.

Horizontal scaling is a common form of scaling within cloud environments.

Vertical scaling occurs when an existing resource is replaced by another.

The replacing of an IT resource with another that has a higher capacity is referred to as scaling up and the replacing of an IT resource with another that has a lower capacity is referred to as scaling down.

Vertical scaling is less common in cloud environments due to the downtime required while the replacement is taking place.
Scaling
A comparison of horizontal and vertical scaling :
A cloud is a distinct and remote IT environment designed for the purpose of remotely provisioning scalable and measured IT resources.

IT resources are provided by a cloud for consumers to access remotely, from outside the cloud perimeter.

Consumers may or may not know the exact physical location of the IT resources provided by a cloud.

Although a cloud will commonly be based on Web protocols and technologies, it is not necessary for a cloud to be Web-based. A cloud can exist with the use of any remote access protocols that allow for access to its IT resources.

Not every IT resource that resides inside a cloud needs to be made directly available to consumers.

A cloud-based IT resource can be remotely accessed or it can support the remote access of other cloud-based IT resources.

When an IT resource is made available to external consumers, it is accessible as a cloud service (as explained in the upcoming Cloud Service section).

A cloud hosting eight IT resources: three virtual servers, two cloud services, and three cloud storage devices.
The term on-premise (or “on-premises”) is used to qualify an IT resource that is not remotely accessible via a cloud, but instead resides within an internal IT enterprise environment.

It is important to note that very often cloud-based IT resources are invoked by or communicate with on-premise IT resources.

For example, an IT resource may be moved from an on-premise environment to a cloud, or vice versa.
From an implementation perspective, a service is a software program that can be remotely invoked via a published technical interface (or API) referred to as a service contract.

When a software program invokes and interacts with a service, it is labeled as a service consumer.

Services acting as service consumers can invoke other services.

When two or more services participate to complete a given task, the services form a service composition.

A service can reside on-premise or in a cloud. In the latter case, it is further qualified as a cloud service (as explained in the following Cloud Service section).
The term “service” within the context of cloud computing is very broad.

From a cloud computing perspective, any remotely accessible IT resource is classified as a service.

A cloud service can therefore be considered an IT resource made remotely accessible via a cloud.

Note that even though a cloud service exists as an IT resource, it may further provide access to other cloud-based IT resources.

Note that a cloud service can exist as a software program that acts as an endpoint or access point to a larger application, platform or environment.

From a consumer perspective, the larger application, platform or environment itself (and in its entirety) may be considered the “service”.

A cloud service can exist as:
• A traditional service (such as a Web service or a REST service) accessed via a published contract and messaging.
• A software program remotely accessed via other means (such as communicating with a software program on a server using a proprietary protocol)
A service agent is an event-driven program capable of transparently intercepting and processing messages sent to or from services.

Depending on the development platform you are working with, service agents may be called “filters”, “listeners”, “interceptors”, “handlers”, etc.

Most modern runtime environments (and operating systems) provide a set of system service agents, but service agents can also be custom-developed.

Service agents do not have a technical interface (or service contract) and are therefore not explicitly invoked.

Service agents are depicted using the rectangular block symbol.

Common functions performed by service agents include routing, logging, validation, and security-related processing.

Service agents are important to cloud computing, especially for providing runtime monitoring and load balancing functions.
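The service agent idea described above, as an added example that is not part of the original slides: a minimal runtime in which logging, validation and security agents fire on every message without the consumer or the service ever calling them. The `Runtime` class, the message layout (`body` plus `mac`), the quote service and the shared key are all hypothetical, constructed for this illustration.

```python
"""Service agents as transparent interceptors on a message path (illustrative)."""
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"  # constructed value for this example only
AUDIT_LOG = []                        # filled by the logging agent


class Rejected(Exception):
    """Raised by an agent to stop a message before it reaches the service."""


def mac_for(body):
    """HMAC-SHA256 over a canonical JSON encoding of the message body."""
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SHARED_KEY, raw, hashlib.sha256).hexdigest()


class Runtime:
    """Delivers messages to services; agents run on each message event."""

    def __init__(self):
        self.services, self.inbound, self.outbound = {}, [], []

    def invoke(self, service, message):
        for agent in self.inbound:       # messages sent *to* the service
            message = agent(service, message)
        reply = self.services[service](message["body"])
        for agent in self.outbound:      # messages sent *from* the service
            reply = agent(service, reply)
        return reply


def logging_agent(service, message):
    # Record field names only, so payload values never land in the log.
    body = message.get("body") if isinstance(message, dict) else None
    fields = sorted(body) if isinstance(body, dict) else []
    AUDIT_LOG.append({"service": service, "fields": fields})
    return message


def validation_agent(service, message):
    if not isinstance(message, dict) or not isinstance(message.get("body"), dict):
        raise Rejected("malformed message")
    if not isinstance(message.get("mac"), str):
        raise Rejected("missing mac")
    return message


def security_agent(service, message):
    expected = mac_for(message["body"]).encode()
    if not hmac.compare_digest(expected, message["mac"].encode()):
        raise Rejected("bad mac")
    return message


def redaction_agent(service, reply):
    # Outbound: strip internal fields (prefixed "_") before the consumer sees them.
    return {k: v for k, v in reply.items() if not k.startswith("_")}


def quote_service(body):
    # The service implements only its contract; it knows nothing about agents.
    return {"total": body["qty"] * body["unit_price"], "_node": "vm-17"}


def build_runtime():
    rt = Runtime()
    rt.services["quote"] = quote_service
    rt.inbound += [logging_agent, validation_agent, security_agent]
    rt.outbound += [redaction_agent]
    return rt


def demo():
    rt = build_runtime()
    body = {"qty": 3, "unit_price": 7}
    ok = rt.invoke("quote", {"body": body, "mac": mac_for(body)})
    try:  # body changed in transit, MAC left as it was
        rt.invoke("quote", {"body": {"qty": 300, "unit_price": 7}, "mac": mac_for(body)})
        tampered = "delivered"
    except Rejected as exc:
        tampered = str(exc)
    return ok, tampered


if __name__ == "__main__":
    print(demo(), AUDIT_LOG)
```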
Let’s revisit the definition of cloud computing:
Cloud computing is a specialized form of distributed computing that introduces utilization models for remotely provisioning scalable and measured IT resources.

Let’s revisit the definition of a cloud:
A cloud is a distinct and remote IT environment designed for the purpose of remotely provisioning scalable and measured IT resources.

In order to remotely provision scalable and measured IT resources in an effective manner, an IT environment requires a specific set of characteristics.

These characteristics need to exist to a meaningful extent for the IT environment to be considered an effective cloud.
This section is dedicated to individually describing the following six cloud
characteristics :

• On-Demand Usage
• Ubiquitous Access
• Multitenancy
• Elasticity
• Measured Usage
• Resiliency
A cloud consumer can unilaterally access cloud-based IT resources, giving the cloud consumer the freedom to self-provision these IT resources.

Once configured, usage of the self-provisioned IT resources can be automated, requiring no further human involvement by the cloud consumer or cloud provider.

This results in an on-demand usage environment.

Ubiquitous access represents the ability for a cloud service to be widely accessible. Establishing ubiquitous access for a cloud service can require support for a range of transport protocols, interfaces and security technologies.

To enable this level of access generally requires that the cloud service be tailored to the particular needs of different cloud service consumers.
Multitenancy is a characteristic of a software program that enables an instance of the program to serve different consumers (tenants), each of which is isolated from the other.

A cloud provider pools its IT resources to serve multiple cloud service consumers by using the multitenancy model.

Cloud-based multitenancy models frequently rely on the use of virtualization technologies.

Through the use of multitenancy technology, IT resources can be dynamically assigned and reassigned, according to cloud service consumer demands.

The figure on the left is an example of single tenancy in that each cloud service consumer is provided a separate underlying IT resource instance (in this case, a storage device).

The figure on the right illustrates multitenancy, whereby a single instance of an IT resource is provided to both cloud service consumers, each likely unaware that the IT resource is being shared.
Elasticity is the automated ability of a cloud to gracefully and transparently scale IT resources, as required in response to runtime conditions or as predetermined by the cloud consumer or cloud provider.

Elasticity is often considered a core justification for the adoption of cloud computing, primarily due to the fact that it is closely associated with the Reduced Investment and Proportional Costs benefit.

Cloud providers with vast resources can offer the greatest range of elasticity.

A sample workflow depicting elastic resource allocation.
Measured usage represents the ability of a cloud platform to keep track of the usage of its IT resources by cloud consumers.

Based on what is measured, the cloud consumer is charged only for the IT resources actually used and/or for the timeframe where access to the IT resources was required.

Measured usage is not limited to tracking statistics for billing purposes. It also encompasses the general monitoring of IT resources and related usage reporting (to both cloud provider and cloud consumers).

A typical application of measured usage within a cloud is the monitoring and collection of runtime data by the cloud provider to be used for cloud consumer billing purposes, as demonstrated here.
Resilient computing is a form of failover that distributes redundant implementations of IT resources across physical locations.

IT resources can be pre-configured so that if one becomes deficient, processing is automatically handed over to another redundant IT resource.

Within cloud computing, resiliency can refer to redundant IT resources within the same cloud (but in different physical locations) or across multiple clouds.

Cloud consumers can increase the reliability and availability of cloud-based IT resources.

For example, Cloud A provides Cloud Service A as part of a failover system that encompasses a redundant implementation of Cloud Service A on Cloud B. If Cloud Service A on Cloud A fails, then Cloud Service A on Cloud B is automatically provisioned transparently to Cloud Service Consumer A.

Each cloud has a specific level of reliability and availability that it guarantees for Cloud Service A. By spanning the failover system across both clouds, the overall reliability and availability will be higher than the maximum reliability and availability of either cloud.
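The availability claim above, worked through as an added derivation that is not part of the original slides. It assumes the two clouds fail independently and that the failover itself always succeeds; $A_A$ and $A_B$ denote the availability each cloud guarantees for Cloud Service A (symbols introduced here). The service is unavailable only when both implementations are down at once:

$$A_{\text{failover}} = 1 - (1 - A_A)(1 - A_B) = A_A + (1 - A_A)\,A_B$$

Because $(1 - A_A)\,A_B \ge 0$, we get $A_{\text{failover}} \ge A_A$, and by symmetry $A_{\text{failover}} \ge A_B$, so $A_{\text{failover}} \ge \max(A_A, A_B)$, with strict inequality whenever both availabilities lie strictly between 0 and 1. With constructed figures $A_A = 0.99$ and $A_B = 0.995$:

$$A_{\text{failover}} = 1 - (0.01)(0.005) = 0.99995$$

The gain shrinks when the independence assumption does not hold, for example when both clouds depend on the same identity provider, DNS zone or network carrier, since one fault can then take down both implementations together.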
Roles:
• Service Consumer
• Cloud Service Consumer
• Cloud Provider
• Cloud Consumer
• Cloud Resource Administrator
• Cloud Service Owner
Boundaries:
• Organizational Boundary
• Trust Boundary
As described earlier in the Fundamental Terms & Concepts section, when a software program accesses a service it is labeled as a service consumer.

A service consumer is therefore a temporary runtime role assumed by a software program.

A service itself may assume the role of a service consumer when it invokes and interacts with another service (as part of a service composition).

To distinguish between service consumers that access on-premise and cloud-based services, those that access cloud services are further qualified as cloud service consumers (as explained next).

The cloud service consumer is a temporary runtime role assumed by a software program when it accesses a cloud service.

The following are common types of cloud service consumers:
• software programs and services capable of remotely accessing cloud services with published service contracts (such as Web services)
• workstations, laptops and mobile devices running software capable of remotely accessing other IT resources positioned as cloud services (such as virtual servers)

Cloud Service Consumer

The cloud service consumer role is assumed when:

A cloud provider is the organization that owns (provides) a cloud.

One cloud provider may own multiple clouds.

When relevant, diagrams in these courses indicate the cloud providers of depicted clouds.

When a cloud is not further labeled with a cloud provider, it is still implied that the cloud has a cloud provider.

A cloud consumer is an organization or a human that uses a cloud service consumer to access a cloud service.

The diagrams in these courses do not often explicitly label symbols as “cloud consumers”.

Instead, it is generally implied that organizations or humans shown remotely accessing cloud-based IT resources are considered cloud consumers.

In this example, Organization A is the cloud consumer.

In this example, the illustrated human is the cloud consumer.
A cloud service owner is the person or organization that legally owns a cloud service.

The cloud service owner can be either the cloud consumer or the cloud provider of the cloud within which the cloud service resides.

For example, if Cloud X hosts Cloud Service A then either the cloud consumer of Cloud X or the cloud provider of Cloud X can be the Cloud Service Owner of Cloud Service A. (See the upcoming diagrams).

A cloud consumer can be a cloud service owner when it has deployed its own service in a cloud.

A common example of this is when the cloud consumer uses a PaaS offering to develop and deploy its own cloud service (as explained in the upcoming Cloud Delivery Models section).

A cloud provider can be a cloud service owner when it deploys its own service in a cloud (typically for use by other cloud consumers).

A common example of this is when cloud providers make services commercially available as SaaS offerings (as explained in the upcoming Cloud Delivery Models section).
A cloud resource administrator is the person or organization responsible for administering a cloud-based IT resource (including cloud services).

The cloud resource administrator can be (or belong to) the cloud consumer or cloud provider of the cloud within which the cloud service resides.

Alternatively, it can be (or belong to) a third-party organization contracted to administer the cloud-based IT resource.

For example, a cloud service owner could contract a cloud resource administrator to administer a cloud service.

Cloud Resource Administrator
A cloud resource administrator can be with a cloud consumer organization and can administer remotely accessible IT resources that belong to the cloud consumer.

Cloud Resource Administrator
A cloud resource administrator can be with a cloud provider organization for which it can administer IT resources (internally and externally available) belonging to the cloud provider.

The reason we don’t call the cloud resource administrator a cloud service administrator is that this person or organization may be responsible for administering cloud-based IT resources that don’t exist as cloud services.

For example, if the cloud resource administrator belongs to (or is contracted by) the cloud provider, IT resources not made remotely accessible may be administered by this role (and these types of IT resources are not classified as cloud services).

Note that the cloud resource administrator is a role assumed by a human (or a group of humans). It is not a role assumed by a software program.

In diagrams, when we show the workstation symbol remotely accessing an IT resource (such as the virtual server in the diagram to the right), we refer to this as the “cloud resource administrator”.

However, it is implied that the workstation being used by the human to perform the administration task is using a software program that technically is acting as a cloud service consumer.
• Cloud Auditor
  - A third party (often accredited) that conducts independent assessments of cloud environments assumes the role of the cloud auditor.
  - The typical responsibilities associated with this role include the evaluation of security controls, privacy impacts, and performance.
  - The main purpose of the cloud auditor role is to provide an unbiased assessment (and possible endorsement) of a cloud environment to help strengthen the trust relationship between cloud consumers and cloud providers.
• Cloud Broker – This role is assumed by a party that assumes the responsibility of managing and negotiating the usage of cloud services between cloud consumers and cloud providers. Mediation services provided by cloud brokers include service intermediation, aggregation, and arbitrage.
• Cloud Carrier – The party responsible for providing the wire-level connectivity between cloud consumers and cloud providers assumes the role of the cloud carrier. This role is often assumed by network and telecommunication providers.
Runtime roles assumed by software programs:
• service consumer (when a software program accesses an on-premise
service)
• cloud service consumer (when a software program accesses a cloud service)

Roles assumed by people/organizations:
• cloud consumer (when a person/organization uses IT resources provided by
a cloud)
• cloud provider (the person/organization that owns/provides a cloud)
• cloud resource administrator (the person/organization responsible for
administering a cloud-based IT resource)
An organizational boundary represents the physical perimeter that
surrounds a set of IT resources owned by a specific organization.

This means that an organizational boundary does not represent the
boundary of an actual organization (only a set of organizational IT assets
represented by IT resources).

Organizational boundaries are generally used to indicate regions or
environments that are under the control of the organization.

Incorporating cloud computing into an IT enterprise can require that IT
resources be placed outside of an organizational boundary.

This can result in a loss of control of an organization’s IT resources.


An organization acting as a cloud consumer has its own organizational boundary.

A cloud provided by a cloud provider will have its own organizational boundary.
A trust boundary establishes a logical perimeter wherein IT
resources are trusted from a security perspective.

The IT enterprise within an organization can establish an
internal trust boundary that encompasses its own IT
resources.
Cloud-based IT resources that are used by a cloud consumer reside
outside of the cloud consumer’s organizational boundary.

To use the IT resources, the cloud consumer will generally need to
trust them.

As a result, the cloud consumer’s trust boundary is expanded beyond
its organizational boundary to encompass the cloud.
A cloud delivery model represents a specific combination of IT
resources offered by a cloud provider.

Depending on the types of IT resources required by a cloud consumer,
three common delivery models are used:
• Infrastructure-as-a-Service (IaaS)
• Platform-as-a-Service (PaaS)
• Software-as-a-Service (SaaS)

Variations of these delivery models can also exist. Note that a cloud
delivery model is also referred to as a cloud service delivery model
because each model is classified as a different type of cloud service
offering.
The IaaS delivery model provides a self-contained IT environment
comprised of infrastructure-centric IT resources.

This environment can include hardware, network, connectivity,
operating systems, and other “raw” IT resources.

In contrast to traditional hosting or outsourcing IT environments, with
IaaS, IT resources are typically virtualized and packaged into
bundles that simplify up-front runtime scaling and customization of
the infrastructure.
Infrastructure-as-a-Service (IaaS)
Cloud consumers are provided with a range of contractual guarantees
by the cloud provider, pertaining to characteristics such as capacity,
performance, availability, etc.
The IT resources provided by IaaS are generally raw and not
preconfigured, placing the operational responsibility upon the cloud
consumer.

The IaaS delivery model is therefore used by cloud consumers that
require a high level of control over the cloud-based environment they
intend to create.

Sometimes cloud providers will contract IaaS offerings from other cloud
providers in order to scale their own cloud environments.

The types and brands of the IT resources provided by IaaS products
offered by different cloud providers can vary.
The PaaS delivery model provides a pre-defined cloud environment
with already deployed and configured IT resources suitable for the
development and deployment of applications.

Three common reasons cloud consumers use PaaS:

1. The cloud consumer wants to extend on-premise environments into the
cloud for scalability and economic purposes.
2. The cloud consumer uses the ready-made environment to entirely
substitute an on-premise environment.
3. The cloud consumer wants to become a cloud provider and deploys its
own cloud services that are made available to other external cloud
consumers.
The cloud service consumer is given
access to a ready-made environment on
a virtual server (also with contractual
guarantees) but will typically not be given
knowledge of any further implementation
details.
The SaaS delivery model generally represents a product that exists
as a shared cloud service offered by a cloud provider to cloud
consumers.

The cloud consumer leases the cloud service from the cloud
provider, who is responsible for maintaining the cloud service’s
underlying IT resources.

SaaS offerings are typically provided so that cloud consumers can
gain access to the cloud service with minimal up-front effort.
Software-as-a-Service (SaaS)
The cloud service consumer is given access to the cloud service
contract, but not to any underlying IT resources or implementation
details.
Unlike with IaaS and PaaS models, the SaaS delivery model does not
provide cloud consumers with administrative control over the cloud
service or its IT resources.

Cloud consumers are granted usage control over the cloud service
– administrative control is retained by the cloud provider.
Administrative Control
The three delivery models differ with respect to the functionality and the
level of administrative control provided to cloud consumers.
Activities Control
Typical activities carried out by cloud consumers and cloud providers in
relation to the cloud delivery models
With the IaaS delivery model:
• The cloud provider will typically have full administrative control over the
physical hardware, physical network, storage devices, and virtualization
platforms.

• The cloud consumer will typically have full or partial administrative
control over virtual servers, databases, cloud service implementations,
and security settings.
With the PaaS delivery model:
• The cloud provider will typically have full administrative control over all
items listed under the IaaS model, plus virtual servers and databases.

• The cloud consumer’s administrative control is limited to the ready-made
environment (instead of accessing server settings directly,
administrative configurations are made via a custom front-end provided
by the ready-made environment).
With the SaaS delivery model:
• The cloud provider will typically have full administrative control over all
items listed under the IaaS model, plus virtual servers and databases
and often the service implementation itself.

• The cloud consumer’s administrative control is limited to service
implementation which can be configured via a custom front-end.
As pointed out with each of the three preceding scenarios, there
are common steps to realizing each of the three cloud delivery
models.

This highlights a natural layered relationship between the three
delivery models, providing cloud providers with the option of
establishing one cloud delivery model by leveraging IT resources
from another.

The following pages explore common combinations of cloud
delivery models.
To set up a PaaS environment a cloud provider can leverage
physical and/or virtual servers provided by an existing IaaS
environment.

The PaaS ready-made environments are built upon virtual servers
and physical servers provided by a separate IaaS environment.
The decision by a cloud provider to lease IT
resources from another cloud provider can be
economical or it may be influenced by cloud
consumer requirements. For example, a cloud
consumer may have a legal requirement for
data to be physically stored in a specific region
(for which the cloud provider needs to contract
a different cloud provider).
All three cloud delivery models can be combined to establish layers
of IT resources that build upon each other.

Using the ready-made environment provided by PaaS, a cloud
consumer organization can develop and deploy its own SaaS cloud
service that it can then make available as a commercial product.
A cloud deployment model represents a specific type of cloud
environment, primarily distinguished by ownership and size.

There are four common deployment models:
• Public Cloud
• Community Cloud
• Private Cloud
• Hybrid Cloud

(Variations of these deployment models can also exist)

A public cloud is a publicly accessible cloud environment owned by
a third-party cloud provider.

The IT resources (usually offered via the previously described delivery
models) on public clouds are generally offered to cloud consumers at
a cost.

The cloud provider is responsible for the creation and on-going
maintenance of the public cloud and its IT resources.
A community cloud is similar to a public cloud except that its access is
limited to a specific community of cloud consumers.

The community cloud may be jointly owned by the community
members or it may be owned by a third-party cloud provider that
provisions a public cloud with limited access.

The member cloud consumers of the community typically share the
responsibility for defining and evolving the community cloud.

However, membership in the community does not necessarily
guarantee access to or control of the cloud’s IT resources.
A private cloud is owned by a single organization.

Private clouds enable an organization to use cloud computing
technology as a means of centralizing access to IT resources by different
parts of the organization.

The use of a private cloud can change how organizational and trust
boundaries are defined and applied.

The actual administration of a private cloud environment may be
carried out by internal or outsourced staff.
External private clouds can effectively extend on-premise
infrastructure to IT resources that are physically isolated in the private
cloud environment through the use of a virtual private network
(VPN).
With a private cloud, the same organization is technically both the
cloud consumer and cloud provider.

In order to differentiate these roles:
• a separate organizational department typically assumes the
responsibility for provisioning the cloud (and therefore assumes the
cloud provider role)

• departments requiring access to the private cloud assume the cloud
consumer role
A hybrid cloud is a cloud environment comprised of two or more
different cloud deployment models.

For example, a cloud consumer may choose to deploy cloud
services processing sensitive data to a private cloud and
non-sensitive cloud services to a public cloud.

The result of this combination is a hybrid deployment model.

Hybrid deployment models can be complex and challenging to
create and maintain.
Benefits of Cloud Computing
The following represent the primary benefits of cloud
computing:

• Reduced Investment and Proportional Costs

• Increased Scalability

• Increased Availability and Reliability


By using virtualization, a cloud provider can offer the same IT resource to
multiple cloud consumers.

Cloud consumers that use cloud-based IT resources can generally lease
them with a pay-for-use model.

With this model, cloud consumers pay a usage fee for only the amount
of the IT resource actually used, resulting in directly proportional costs.

This gives an organization access to IT resources without having to
purchase its own, resulting in reduced investment requirements.
By lowering required investments and incurring costs that are
proportional to their needs, cloud consumers can scale their IT
enterprise effectively and pro-actively.

As an example, this chart compares the costs of on-premise IT
resources with the costs of cloud-based IT resources over a
three-year period.
IT resources can be flexibly acquired from a cloud provider, almost
instantaneously and at a wide variety of usage levels.

By scaling with cloud-based IT resources, cloud consumers can
leverage this flexibility to increase their responsiveness to foreseen
changes and unforeseen changes.

This holds true for when a cloud consumer needs to scale IT
resources, based on current requirements.
The depicted example illustrates the variation of demand for an
application server during a period of 24 hours, measured in concurrent
users.

Assuming one server from a given cloud provider is able to handle
2,000 concurrent users, the cloud consumer can adjust the usage as
necessary (in this case between 1 and 5 servers) and pay only for the
hours of server usage.
An IT resource with increased availability is available for longer periods of
time (for example, 22 hours out of a 24-hour day).

An IT resource with increased reliability is able to better avoid and recover
from exception conditions.

Cloud providers generally offer resilient IT resources for which they are able
to guarantee high levels of availability.

Cloud environments can be based on a modular architecture that provides
extensive failover support to further increase reliability.

Note that availability and reliability are explained in detail in the Service
Level Agreements section.
In the upcoming example, a cloud transparently provides increased
availability and reliability.

During the two illustrated message exchanges, the cloud service
consumer is unaware it is interacting with different implementations
of Cloud Service A located in different geographical regions.

There are many different types of cloud-based technology
architectures that can be created to support this benefit, including
the option for one cloud to leverage IT resources in another cloud.
The details for each step are
provided on the next page.
1. The cloud service consumer invokes capability1 of Service A. Service A is
a cloud-based service that is physically implemented on a server residing
in a specific geographic region (Region 1).

2. Cloud Service A replies with the expected response message.

3. The next time the cloud service consumer attempts to invoke the same
capability of the same service, the cloud determines that the previous
implementation (the one residing in Region 1) is currently unavailable. The
request message is therefore automatically routed to a different
implementation of Cloud Service A, which resides in a different
geographic region (Region 2).

4. Cloud Service A replies with the expected response message.
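
The four steps above, as an added sketch that is not part of the original slides: a single Cloud Service A endpoint routes each request to the first available regional implementation, and a provider-side audit log is the only place the serving region is recorded, since the consumer sees identical responses. The class names, the `audit_log` field and the sample request are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class RegionUnavailable(Exception):
    """Raised by a regional implementation that cannot serve a request."""

@dataclass
class ServiceImplementation:
    region: str
    available: bool = True

    def invoke(self, capability: str, payload: str) -> str:
        if not self.available:
            raise RegionUnavailable(self.region)
        # Every region honours the same service contract, so the
        # response carries nothing that reveals where it was produced.
        return f"{capability}({payload}) ok"

@dataclass
class CloudServiceA:
    """The one endpoint the cloud service consumer talks to."""
    implementations: list                      # ordered by routing preference
    audit_log: list = field(default_factory=list)

    def invoke(self, capability: str, payload: str) -> str:
        for impl in self.implementations:
            try:
                response = impl.invoke(capability, payload)
            except RegionUnavailable:
                self.audit_log.append((capability, impl.region, "unavailable"))
                continue                       # fail over to the next region
            self.audit_log.append((capability, impl.region, "served"))
            return response
        raise RuntimeError("Cloud Service A is unavailable in all regions")

def run_exchange():
    """Replay steps 1-4 with constructed sample data."""
    region1 = ServiceImplementation("Region 1")
    region2 = ServiceImplementation("Region 2")
    service = CloudServiceA([region1, region2])
    first = service.invoke("capability1", "request")    # steps 1 and 2
    region1.available = False                           # Region 1 goes down
    second = service.invoke("capability1", "request")   # steps 3 and 4
    return first, second, service.audit_log

if __name__ == "__main__":
    for entry in run_exchange()[2]:
        print(entry)
```

Because the failover is invisible to the consumer, a log like this is what a consumer with a data-location requirement would need the provider to expose in order to verify which region handled a request.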
