Chapter 5

Cloud Computing Reference Model

74
What is a Reference Model?

According to Organization for the Advancement of

Structured Information Standards (OASIS), a reference
model is an abstract framework for understanding the
significant relationships among the entities of some
environment, and for the development of consistent
standards or specifications supporting that environment. A
reference model is based on a small number of unifying
concepts and may be used as a basis for education and
explaining standards. A reference model is not directly tied
to any standards, technologies, or other concrete
implementation details, but it does seek to provide a
common semantics that can be used unambiguously across
and between different implementations.

Key goals of reference model are:

• Conveys fundamental principles and basic

functionality of a system it represents

• Facilitates efficient communication of system details

between stakeholders

• Provides a point of reference for system designers to

extract system specifications

75
 • Enhances an individual’s understanding of the
representative system

• Documents the system for future reference and

provides a means for collaboration

Cloud Computing Reference Model

The cloud computing reference model is an abstract model

that characterizes and standardizes the functions of a cloud
computing environment by partitioning it into abstraction
layers and cross-layer functions. This reference model
groups the cloud computing functions and activities into five
logical layers and three cross-layer functions.

The five layers are physical layer, virtual layer, control layer,
service orchestration layer, and service layer. Each of these
layers specifies various types of entities that may exist in a
cloud computing environment, such as compute systems,
network devices, storage devices, virtualization software,
security mechanisms, control software, orchestration
software, management software, and so on. It also describes
the relationships among these entities.

The three cross-layer functions are business continuity,

security, and service management. Business continuity and
security functions specify various activities, tasks, and

76
processes that are required to offer reliable and secure cloud
services to the consumers. Service management function
specifies various activities, tasks, and processes that enable
the administrations of the cloud infrastructure and services
to meet the provider’s business requirements and
consumer’s expectations.

77
78
 Cloud Computing Layer

Physical Layer

Physical layer is the foundation layer of the cloud

infrastructure. Physical layer specifies the physical entities
that operate at this layer such as compute systems,
networking devices, and storage devices. This layer also
specifies the entities such as operating environment,
protocols, tools, and processes that enable the physical
entities of this layer to perform their functions and serve
other layers of the cloud infrastructure. A key function of
this layer is to execute the request generated from the
virtualization layer or control layer. Examples of requests
from the layers include storing data on the storage devices,
performing communication among compute systems,
executing programs on a compute systems, creating backup
copy of data, or executing security policy to block an
unauthorized activity.

79
Virtual Layer

Virtual layer is deployed on the physical layer. It specifies

the entities that operate at this layer such as virtualization
software, resource pools, and virtual resources. A key
function of this layer is to abstract physical resources, such
as compute, storage, and network, and make them appear as
virtual resources. Virtualization software deployed on
compute systems, network devices, and storage devices
perform the abstraction of the physical resources on which
they are deployed. Abstracting the physical resources
enables multitenant environment, thereby improving the
utilization of the physical resources. Improved utilization of
physical resources results in increased return-on-investment
(ROI) on the infrastructure entities.

Virtualization software is also responsible for pooling

physical resources from which virtual resources are
created. Examples of virtual resources include virtual
machines, LUN, and virtual network. The request to create
resource pools and virtual resources is generated by the
control layer. After receiving the request from the control
layer, the virtual layer executes the requests. Apart from
creating the resource pools and the virtual resources,
virtualization software also support features that enable

80
optimized resource utilization that further increases return-
on-investment.

Other key functions of this layer include executing the

requests generated by the control layer, and it also includes
forwarding requests to the physical layer to get them
executed. Examples of requests generated by the control
layers include creating pools of resources and creating
virtual resources.

Note: While deploying a cloud infrastructure, organization

may choose not to deploy virtual layer. In such an
environment, the control layer is deployed over the physical
layer and it can directly request the physical layer to
perform an operation. Further, it is also possible that part
of the infrastructure is virtualized and rest is not virtualized.

81
Control Layer

Control layer can be deployed either on the virtual layer or

on the physical layer. It specifies the entities that operate at
this layer such as control software. A key function of this
layer includes executing the requests generated by the
service layer in collaboration with the orchestration layer.
Another key function of this layer includes forwarding
requests to the virtual and/or physical layer to get them
executed. Examples of requests generated by the service
layer include creating service instance such as compute
system instance for IaaS and application instance for SaaS.

The other key functions that are performed by control

software are resource configuration, resource pool
configuration, and resource provisioning. The control
software in collaboration with the virtualization software
enables resource pooling, dynamic allocation of resources,
creating virtual resources, and optimizing utilization of
resources. The control software initiates all the requests such
as resource configuration, resource pooling, resource
provisioning, and so on. These requests are passed on to the
virtual layer or physical layer. In the absence of virtual layer,
the requests generated by the control layer are passed on to
the physical layer. In this case, these requests are fulfilled by

82
the operating environment in collaboration with the control
software.

This layer also exposes resources (physical and/or virtual) to

and supports the service layer where cloud service interfaces
are exposed to consumers.

Service Orchestration Layer

Service orchestration layer specifies the entities that can

operate at this layer such as a orchestration software. A key
function of this layer is to provide workflows for executing
automated tasks to accomplish a desired outcome. Workflow
refers to a series of inter-related tasks that perform a business
operation. The orchestration software enables this automated
arrangement, coordination, and management of the tasks.
This helps to group and sequence tasks with dependencies
among them into a single, automated workflow.

Associated with each service listed in the service catalog,

there is an orchestration workflow defined. When a
consumer selects a service from the service catalog, an
associated workflow in the orchestration layer is triggered.
Based on this workflow, the orchestration software interacts
with various entities (from control layer, business continuity
function, security function, and service management

83
function) to invoke the provisioning tasks to be executed by
the entities.

Service Layer

The service layer is accessible to the cloud consumers. This

layer specifies the entities that can operate at this layer such
as service catalog and self-service portal. A key function of
this layer is to store and present the information about all the
services offered to the cloud consumers in a service catalog.
A service catalog is a database of information about the
cloud services offered by a service provider. The service
catalog includes a variety of information about the services,
including description of the services, the types of services,
cost, supported SLAs, security mechanisms, and so on.

Another key function of this layer is to enable cloud

consumers to access and manage the cloud services via a
self-service portal. A self-service portal displays the service
catalog to the consumers. Consumers can use this web portal
to request for cloud services. In addition to the service
catalog, it also provides interface to access and manage the
rented service instances. The provisioning and management
requests are passed on to the orchestration layer, where the
orchestration workflows—to fulfill the requests—are
defined.

84
 Cross-layer Function

Business Continuity

Business continuity (BC) cross-layer function specifies the

adoption of proactive and reactive measures that enable a
business to mitigate the impact of planned and unplanned
downtime. Proactive measures include activities, tasks,
processes such as business impact analysis, risk assessment,
and technology solutions deployment (such as backup and
replication). Reactive measures include activities, tasks,
processes such as disaster recovery and disaster restart to be
invoked in the event of a service failure. This function
supports all the layers—physical, virtual, control,
orchestration, and service—to provide uninterrupted
services to the consumers. The BC cross-layer function of a
cloud infrastructure enables a business to ensure the
availability of services in line with the Service Level
Agreement (SLA).

85
Security

Security cross-layer function specifies the adoption of

administrative and technical mechanism that can mitigate or
minimize security threats and provide a secure cloud
environment. Administrative mechanisms include security
and personnel policies or standard procedures to direct the
safe execution of various operations. Technical mechanisms
are usually implemented through tools or devices deployed
on the IT infrastructure. Examples of technical mechanisms
include firewall, intrusion detection and prevention systems,
antivirus, and so on.

Governance, risk, and compliance (GRC) specifies

processes that help an organization ensure that their acts are
ethically correct and in accordance with their risk appetite
(the risk level an organization chooses to accept), internal
policies, and external regulations. Security mechanisms
should be deployed to meet the GRC requirements.

This cross-layer function supports all the layers—physical,

virtual, control, orchestration, and service—to provide
secure services to the consumers.

86
Service Management

Service management function specifies adoption of

activities related to service portfolio management and
service operation management. Adoption of these activities
enables an organization to align the creation and delivery of
cloud services to meet their business objectives and to meet
the expectations of cloud service consumers.

Service portfolio management encompasses the set of

business-related services that:

• Define the service roadmap, service features, and

service levels

• Assess and prioritize where investments across the

service portfolio are most needed

• Establish budgeting and pricing

• Deal with consumers in supporting activities such as

taking orders, processing bills, and collecting
payments

Service portfolio management also performs market

research, measures service adoption, collects information
about competitors, and analyzes feedback from consumers
in order to quickly modify and align services according to
consumer needs and market conditions.

87
Service operation management enables cloud administrators
to manage cloud infrastructure and services. Service
operation management tasks include handling of
infrastructure configuration, resource provisioning, problem
resolution, capacity, availability, and compliance
conformance. All of these tasks enable ensuring that services
and service levels are delivered as committed. Service
operation management also includes monitoring cloud
services and their constituent elements. This enables the
provider to gather information related to resource
consumption and bill generation. This function supports all
the layers to perform monitoring, management, and
reporting for the entities of the infrastructure.

88
Deployment Options

Before building a cloud infrastructure, organizations must

identify which deployment option is appropriate for them.
There are two deployment options for building a cloud
infrastructure and they are greenfield deployment option and
brownfield deployment option. A greenfield deployment
option is typically used when an infrastructure does not exist
and an organization ha to build the cloud infrastructure
starting from the physical layer. On the other hand, a
brownfield deployment option is used when some of the
infrastructure entities exist, which can be transformed to a
cloud infrastructure by deploying the remaining entities
required for the cloud infrastructure. For example, consider
that an organization wants to use a brownfield deployment
option to transform their existing data center, which has the
physical, virtual, and control layers deployed. In such cases,
the data center also has the business continuity, security, and
service management in place. However, these three cross-
layer functions are limited to a non-cloud environment.
While transforming the existing data center to a cloud
infrastructure, the organization will have to deploy the
orchestration layer and the service layer. Further, the BC,
security, and the service management functions will have to
be transformed to support the cloud environment.

89
In both deployment options, apart from deploying the five
layers and the three cross-layer functions, the organizations
have to consider several factors that will enable them to
deploy the cloud services that will meet the consumers’
expectations. These factors are covered later in this module.

90