
Community Cloud

A community cloud is a cloud infrastructure provisioned for exclusive use by a specific community of organizations with shared concerns, offering benefits such as common security controls and data localization. Google Cloud exemplifies a software-defined community cloud, which enhances security and compliance while allowing for faster access to new technologies compared to traditional models. The document also outlines various cloud deployment models, including public, private, hybrid, and community clouds, each with distinct ownership and management structures.

Uploaded by

sco field

Community Cloud

In this reading, you will learn about community cloud and how it is implemented, with reference to Google Cloud as an example.

What is a community cloud?

A community cloud is defined by NIST SP 800-145 as:

“Cloud infrastructure [that] is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.”

Why community cloud?

Organizations use the community cloud approach for the following reasons:
• The community cloud members work under the same set of security controls.
• The approach provides the members the same attributes, like citizenship and authorization controls, while giving limited physical and/or logical access to resources.
• It also supports data localization and some data sovereignty requirements based on the location of the community cloud’s data centers.
• The approach defines a perimeter security model encompassing the community cloud.

Implementation of software-defined community cloud

To establish a security perimeter, most legacy community clouds depend on physical separation from other clouds. However, this implementation could not meet the advanced security, manageability, or compliance requirements of the industry.

In the modern architecture, a software-defined community cloud is designed to deliver the required benefits. Google Cloud takes a software-defined approach that provides security and compliance assurances without the strict physical infrastructure constraints of legacy approaches. The Google community clouds use a combination of technologies referred to as “assured clouds” that can:
• Define communities around common projects, security and compliance requirements, and policy.
• Separate shared community projects from other projects.
• Modify capabilities of a community’s boundary based on policy-controlled and audited configuration changes.

Comparison between traditional and software-defined community cloud

The software-defined community cloud offers users many benefits compared with the traditional community cloud implementation. The following table compares the two implementations against the characteristics stated in the NIST definition.

| Characteristic | NIST SP 800-145 Definition | Traditional Community Cloud Implementation | Software-Defined Community Cloud |
|---|---|---|---|
| Infrastructure exclusivity | The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns | Separate data centers with separate infrastructure | Each project is effective… private cloud with isolat… infrastructure primitive… |
| All users subject to common security controls | (implied) | Same security controls apply across exclusive infrastructure shared by the community | Assured Workloads con… are scoped to the comm… and enforced through te… of service |
| Personhood and citizenship of support staff | It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, | Personnel must be physically located at dedicated facilities | Access management se… restricts support to pers… with required attributes (personhood, citizenshi… work location, and more… |
| Data localization | and it may exist on or off premises | Community dedicated storage devices | Enforced by software |
| Defined security perimeter | (implied) | The community is the enclave | Each project is its own enclave |

Software-defined community cloud as a new type of “Government Cloud”

In Google Cloud Platform (GCP), a project is a unique, logical grouping of “infrastructure primitives.” In this context, an infrastructure primitive is any atomic unit of capacity in GCP: a virtual machine (VM), a persistent disk (PD), a storage bucket, and others. Projects are “global resources” that can be assigned infrastructure primitives from any region or zone.

Every project is separate from other customers’ projects. Low-level resources like hypervisors, blocks in our distributed blockstore that underlies Google Cloud Storage (GCS), and other components are isolated with resource abstractions that enforce the isolation both logically and cryptographically.

A Private Cloud deployment model is defined in NIST SP 800-145 as:

“Cloud infrastructure [that] is provisioned for exclusive use by a single organization comprising multiple consumers (such as business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.”

When a project is created within GCP, the infrastructure primitives that are assigned to that project are scoped to only that project. This scoping of infrastructure primitives effectively creates an “enclave” per project.

When overlaid with Assured Workloads constraints for data residency, support personnel attributes, and security controls common to that community, these per-project private cloud enclaves become software-defined community clouds.

Benefits of a software-defined community cloud

The approach Google Cloud has taken brings multiple benefits, such as meeting security and compliance requirements. New hardware, new services, and improvements to existing services are accessed faster than in traditional community clouds. The process by which new cloud technology can be onboarded and made available is also faster. Overall efficiency is improved in this model due to the scale of infrastructure available to the community; this can translate to improved availability and performance. Security enhancements can be scaled and implemented more quickly.

Lesson 2 Summary: Deployment Models


In this lesson, you have learned:
• Deployment models indicate where the infrastructure resides, who owns and manages it, and how cloud resources and services are made available to users. There are four main deployment models available on the cloud: public, private, hybrid, and community.
• In the public cloud model, the service provider owns, manages, provisions, and maintains the physical infrastructure such as data centers, servers, networking equipment, and storage, with users accessing virtualized computing, networking, and storage resources as services.
• In the private cloud model, the provider provisions the cloud infrastructure for exclusive use by a single organization. The private cloud infrastructure can be internal to the organization and run on-premises, or it can be on a public cloud, as in the case of Virtual Private Clouds (VPC), and be owned, managed, and operated by the cloud provider.
• In the hybrid cloud model, an organization’s on-premises private cloud and a third-party public cloud are connected as a single, flexible infrastructure that leverages the features and benefits of both public and private clouds.
• In the community cloud model, the provider provisions the cloud infrastructure for use by a community of organizations with shared concerns. One or more of the organizations in the community, a third-party provider, or both are responsible for the ownership, management, and operation of this infrastructure.

Module 2 Glossary: Cloud Computing Models

| Term | Definition |
|---|---|
| BPM | Business Process Management |
| Composite multicloud | A variant of hybrid multicloud, distributes single applications across multiple providers, allow… you to move application components across cloud services and vendors as needed |
| CRM | Customer Relationship Management |
| HCM | Human Capital Management |
| Hybrid cloud | A computing environment that connects an organization’s on-premises private cloud and third-… public cloud into a single, flexible infrastructure for running the organization’s applications an… workloads |
| Hybrid monocloud | A hybrid cloud with one cloud provider |
| Hybrid multicloud | An open standards-based stack that can be deployed on any public cloud infrastructure |
| IaaS | Infrastructure as a service is a form of cloud computing that delivers fundamental compute, ne… and storage resources to consumers on-demand, over the network, on a pay-as-you-go basis |
| IoT | Internet of things |
| MDM | Master Data Management |
| PaaS | Platform as a service is a cloud computing model that provides customers a complete platform… hardware, software, and infrastructure—to develop, deploy, manage, and run applications crea… them or acquired from a third-party |
| Pay-as-you-go | Users can order cloud resources from a larger pool of available resources and pay for them on… use basis |
| Private Cloud | Cloud infrastructure provisioned for exclusive use by a single organization comprising multipl… consumers, such as the business units within the organization |
| Public cloud | Users get access to servers, storage, network, security, and applications as services delivered b… cloud service providers over the internet |
| SaaS | Software as a service is a cloud offering that provides users with access to a service provider’s… based software |
| SIP | SaaS integration platforms |
| TCO | Total cost for ownership |
| VM | Virtual machine |
| VPC | Virtual Private Cloud |
