Cloud Computing Unit 2
The NIST cloud computing reference architecture is discussed in this chapter. The major
actors, their activities and their roles in a cloud computing environment are discussed in detail. A
generic high-level architecture is shown in the figure.
There are five major actors in the NIST cloud computing reference architecture, as shown in
the figure above.
• Cloud Consumer.
• Cloud Provider.
• Cloud Carrier.
• Cloud Auditor.
• Cloud Broker.
The activities and roles performed by each actor are discussed here one by one.
1. Cloud Consumer
• The cloud consumer is the main participant in the cloud computing environment.
• A cloud consumer is a person or organization that uses cloud services such as
SaaS, PaaS and IaaS.
• A cloud consumer browses the service catalog provided by a cloud provider and
requests the appropriate service.
• The cloud provider sets up the cloud environment for the service and makes a contract
with the cloud consumer for the use of the service.
• Cloud consumers need a cloud Service Level Agreement (SLA).
The SLA acts as an agreement on the technical performance requirements to be fulfilled by a cloud provider.
Some terms and conditions regarding the quality of service, security, and remedies for
performance failures are mentioned in the SLA.
Software as a Service applications in the cloud are made accessible via a network to the SaaS
consumers.
The consumers of SaaS may be organizations that give their employees access to
software applications, end users who directly use software applications, or software
application administrators who are responsible for configuring applications for
the customers.
With Platform as a Service, the consumer can employ the tools provided to develop, test, deploy
and manage applications hosted in a cloud environment.
• PaaS consumers can be application developers who design and implement application
software in a software company.
• PaaS consumers may be application testers who run and test applications in cloud-based
environments, or application deployers who publish applications into the cloud.
• PaaS consumers may be application administrators who configure and monitor application
performance on a platform.
2. Cloud Provider
• A cloud provider is responsible for making a service available to the cloud
consumer. A cloud provider may be a person, a team or an organization.
• A cloud provider maintains and manages the different cloud computing services for
the consumer and makes arrangements to deliver the cloud services to the cloud
consumers using network access or the internet.
In the context of Software as a Service, the cloud provider is responsible for deploying, configuring,
maintaining and updating the operation of the software applications on a cloud infrastructure
so that the services are provisioned at the levels required by the cloud consumers.
The major responsibilities of the cloud provider in the context of Software as a Service are to
manage and control the applications and the overall infrastructure.
Integrated tools such as an IDE, an SDK, a development version of the cloud software, and deployment
and management tools are also part of Platform as a Service.
Physical computing resources such as servers, networks, storage and hosting infrastructure
are also maintained and managed by the cloud provider for the consumer of Infrastructure as a
Service.
The cloud provider implements the cloud software so that computing resources become
available to the cloud consumer, who uses the infrastructure as a service through a set of service
interfaces and virtual network interfaces that help in resource abstraction.
3. Cloud Auditor
A cloud auditor is a dedicated team of technically skilled people that can perform an
independent examination or review of cloud service controls with the intent to express
the strengths and weaknesses of the process and to suggest improvements.
Audits are performed to verify the standards of services after checking the evidence.
The major role of a cloud auditor is to evaluate the services provided by a cloud provider against
parameters such as security controls, privacy impact and performance.
To perform a security audit, a cloud auditor assesses the security controls in
the information system to determine the extent to which the controls are implemented
accurately, operating as expected and producing the desired outcome with respect
to the security requirements for the system.
4. Cloud Broker
Sometimes service integration becomes so complex that it is difficult for
the cloud consumer to manage the cloud services.
In such a situation the cloud consumer requests cloud services from a cloud broker. The cloud broker acts
as a mediator between consumer and provider.
• A cloud broker manages the delivery of cloud services, their performance and use.
• A cloud broker negotiates relationships between cloud providers and cloud
consumers.
In general, a cloud broker is involved in three types of activities, which are as follows:
Service Intermediation
A cloud broker may enhance a given service by improving some specific capability and
providing value-added services to cloud consumers.
The improvement may be related to managing access to cloud services, identity
management, performance reporting, enhanced security, etc.
Service Aggregation
Service aggregation can be seen as combining and integrating multiple services into one or
more new services.
The broker ensures that data moves between the cloud consumer and multiple cloud
providers in a secure manner.
Service Arbitrage
Service arbitrage is very similar to service aggregation, but with a small difference.
In service arbitrage a broker has the flexibility to select the services from multiple agencies.
The cloud broker, for example, can use a credit-scoring service to measure and select an
agency with the best score.
5. Cloud Carrier
The cloud carrier is another important actor in the NIST cloud computing reference architecture.
• The role of the cloud carrier is to provide the connectivity and transport of cloud services
between cloud consumers and cloud providers.
• Cloud carriers provide access to consumers through network, telecommunication
and other access devices.
For example, cloud consumers can obtain cloud services through network access devices
such as computers, laptops, mobile phones and mobile Internet devices.
In the Platform-as-a-Service (PaaS) model, developers essentially rent everything they need
to build an application, relying on a cloud provider for development tools, infrastructure, and
operating systems. This is one of the three service models of cloud computing. PaaS vastly
simplifies web application development; from the developer's perspective, all backend
management takes place behind the scenes. Although PaaS has some similarities
with serverless computing, there are many critical differences between them.
What are the three service models of cloud computing?
The three models of cloud computing are PaaS, SaaS (Software-as-a-Service), and IaaS
(Infrastructure-as-a-Service). IaaS refers to cloud computing infrastructure – servers, storage,
etc. – managed by a cloud vendor, while SaaS refers to full applications that are hosted in the
cloud and maintained by the SaaS vendor. If a SaaS customer is like someone renting a
house, then a PaaS customer is like someone renting all the heavy equipment and power tools
necessary to rapidly build a house, if the tools and equipment were continually maintained
and repaired by their owner.
PaaS can be accessed over any internet connection, making it possible to build an entire
application in a web browser. Because the development environment is not hosted locally,
developers can work on the application from anywhere in the world. This enables teams that
are spread out across geographic locations to collaborate. It also means developers have less
control over the development environment, though this comes with far less overhead.
• Development tools
• Middleware
• Operating systems
• Database management
• Infrastructure
Different vendors may include other services as well, but these are the core PaaS services.
Development tools
PaaS vendors offer a variety of tools that are necessary for software development, including a
source code editor, a debugger, a compiler, and other essential tools. These tools may be
offered together as a framework. The specific tools offered will depend on the vendor, but
PaaS offerings should include everything a developer needs to build their application.
Middleware
Platforms offered as a service usually include middleware, so that developers don't have to
build it themselves. Middleware is software that sits in between user-facing applications and
the machine's operating system; for example, middleware is what allows software to access
input from the keyboard and mouse. Middleware is necessary for running an application, but
end users don't interact with it.
Operating systems
A PaaS vendor will provide and maintain the operating system that developers work on and
the application runs on.
Databases
PaaS providers administer and maintain databases. They will usually provide developers with
a database management system as well.
Infrastructure
PaaS is the next layer up from IaaS in the cloud computing service model, and everything
included in IaaS is also included in PaaS. A PaaS provider either manages servers, storage,
and physical data centers, or purchases them from an IaaS provider.
The most common benefits of PaaS compared to running and maintaining your own
environment include:
- Low maintenance
In-house application stacks come with headaches, especially when it comes to upgrades. With
PaaS, the provider is responsible for keeping everything up-to-date—and none of the
maintenance pain is yours.
- Cost-effective pricing
PaaS resources are on-demand, so you only pay for what you actually use. A PaaS also
provides access to advanced development tools and capabilities that might be too expensive
to purchase outright.
- Easy scalability
No more worrying about capacity. PaaS lets you scale down for low-traffic periods or scale
up immediately to meet unexpected surges in demand.
- Flexible access
Development and DevOps teams can access shared PaaS services and tools from anywhere
and on any device over an internet connection.
- Shared security
With PaaS, the provider is responsible for securing the infrastructure. Most major PaaS
service providers also offer guidelines and best practices for building on their platforms.
What is software-as-a-service (SaaS)?
A SaaS application may be accessed through a browser or through an app. Online email
applications that users access through a browser, such as Gmail and Office 365, are common
examples of SaaS applications.
The difference between SaaS and a software installation on a user's computer is somewhat
like the difference between streaming a TV show online and buying all the seasons of the TV
show on DVD.
Someone who buys a TV show on DVD only needs to pay for it once; however, they will
need to store and maintain the DVDs, and if they change their hardware – for instance, if they
replace their DVD player with a Blu-ray player – then they will need to purchase the physical
media again. Streaming the show instead means a third party handles all the storage and
upgrades, and all a user needs to do is press play. However, streaming is dependent on an
Internet connection, and users typically need to pay a recurring monthly fee to maintain their
access.
What does 'as a service' mean?
Consider the difference between valet parking and renting a parking spot. Valet parking is a
service, while a parking spot is a product, even though both provide the same benefit to the
customer: a place to leave their car.
Traditionally, software vendors sold their software to users as a product. However, in the
SaaS model they actively provide and maintain the software for their users, via the cloud.
They host and maintain the databases and code necessary for the application to run, and they
run the application on their servers. Thus, SaaS is more like a service than a product.
The SaaS model has a number of pros and cons, although for modern businesses and users
the pros of SaaS often outweigh the cons. Here are some of the advantages and disadvantages
of using SaaS applications:
Advantage: Access from anywhere, on any device. Typically, users can log into SaaS
applications from any device and any location. This offers a great deal of flexibility –
businesses can allow employees to operate all over the world, and users can access their files
no matter where they are. In addition, most users use multiple devices and replace them often; users
don't need to reinstall SaaS applications or purchase new licenses each time they switch to a
new device.
Advantage: No need for updates or installations. The SaaS provider updates and patches the
application on an ongoing basis.
Advantage: Scalability. The SaaS provider handles scaling up the application, such as adding
more database space or more compute power as usage increases.
Advantage: Cost savings. SaaS cuts down on internal IT costs and overhead. The SaaS
provider maintains the servers and infrastructure that support the application, and the only
cost to a business is the subscription cost of the application.
Disadvantage: The need for stronger access control. The increased accessibility of SaaS
applications also means that verifying user identity and controlling access levels becomes
very important. With SaaS, organizational assets are no longer kept within an internal
network, separate from the outside world. Instead, user access is based on user identity: if
someone has the right login credentials, they are granted access. Strong identity verification
thus becomes crucial.
Disadvantage: Vendor lock-in. A business may become overly reliant on the SaaS application
provider. It is time-consuming and expensive to move to a new application if an
organization's entire database is stored within the old application.
Disadvantage (for enterprises): Security and compliance. With SaaS applications, the
responsibility for protecting those applications and their data moves from internal IT teams
to the external SaaS providers. For small to medium-sized businesses, this is less of a
disadvantage, as large cloud providers typically have more resources for putting strong
security in place. But this can be a challenge if a large business faces tight security or
regulatory standards. In some cases businesses will be unable to assess their applications'
security themselves, for instance by performing penetration testing. Essentially, they have to
take the external SaaS provider's word that the application is secure.
As mentioned above, online email providers fit into the SaaS category. Other well-known
SaaS companies include Netflix, Salesforce, Slack, MailChimp, and Dropbox.
What does infrastructure-as-a-service (IaaS) mean?
In computing, infrastructure refers to the computers and servers that run code and store data,
and the wires and appliances that make connections between those machines. For example,
servers, hard drives, and routers are all part of infrastructure. Before cloud computing was an
option, most businesses hosted their own infrastructure and ran all their applications on-
premise.
Infrastructure-as-a-service, or IaaS for short, is when a cloud computing vendor hosts the
infrastructure on behalf of their customers. The vendor hosts the infrastructure in "the cloud"
– in other words, in various data centers. Their customers access this cloud infrastructure over
the Internet. They can use it to build and host web applications, store data, run business logic,
or do anything else that could be done on traditional on-premise infrastructure, but often with
more flexibility.
IaaS is infrastructure hosted in the cloud. IaaS includes virtual servers and cloud storage,
cloud security, and access to data center resources (managed by the IaaS provider).
Platform-as-a-service (PaaS) is the next layer in the cloud computing service model. It
provides developers with a platform for building applications. Most PaaS offerings include
development tools, middleware, operating systems, databases and database management,
and infrastructure. A PaaS provider either manages the infrastructure themselves or
purchases it as a service from an IaaS provider.
Software-as-a-service (SaaS) is full applications hosted and managed in the cloud. SaaS users
subscribe to an application and access it over the Internet rather than purchasing it once and
installing it locally.
Why do developers and businesses use IaaS?
Scalability: It is much easier to expand a business with IaaS as the foundation. Instead of
purchasing, installing, and maintaining a new server every time the business needs to scale
up, they can just add a new server on demand through the IaaS provider. This on-demand
scalability is a major benefit of cloud computing across all cloud service models.
Fewer resources dedicated to server maintenance: With IaaS, a company has essentially
outsourced server purchasing, maintenance, and updating to the IaaS provider. This is
typically cheaper and requires less time and labor from internal teams than they would need
to host their own infrastructure.
Faster time to market: Companies using IaaS can deploy and update applications much
faster, since cloud providers can offer however much infrastructure they need as they need it.
Multi-cloud deployments and most hybrid cloud deployments involve integrating multiple
cloud services. Many businesses taking a multi-cloud approach use one cloud provider for
IaaS and integrate with PaaS and SaaS services on top of that. Some companies may also use
multiple IaaS providers, either for redundancy or for handling separate computing workloads
in parallel.
Businesses using hybrid clouds can integrate IaaS with on-premise infrastructure or private
clouds, along with other public cloud services.
The cloud deployment model identifies the specific type of cloud environment based on
ownership, scale, access, and the cloud’s nature and purpose. The various deployment
models are based on the location and on who manages the infrastructure.
In order to make the most optimal use of a particular cloud deployment type, you must
understand what each deployment model can do, its characteristics, and its advantages and
disadvantages.
• Public Cloud: Resource available for the general public under the Pay as you go model.
• Vendor lock-in is also a concern that users always have, but in practice, they live with it.
A public cloud is a cloud service offered to multiple customers by a cloud provider. The term
"public cloud" is used to differentiate between the original cloud model of services accessed
over the Internet and the private cloud model. Public clouds include SaaS, PaaS, and IaaS
services.
Like all cloud services, a public cloud service runs on remote servers that a provider
manages. Customers of that provider access those services over the Internet.
A private cloud is a cloud service that is not shared with any other organization. The private
cloud user has the cloud to themselves.
By contrast, a public cloud is a cloud service that shares computing services among different
customers, even though each customer's data and applications running in the cloud remain
hidden from other cloud customers.
A public cloud is like renting an apartment, while a private cloud is like renting a similarly
sized house. The house is more private, but it also typically costs more to rent, and it's not the
most efficient use of resources. Maintenance in the apartment is handled by the building
supervisor, but it's harder to get a contractor out to fix the house (sometimes, the tenant may
have to do it themselves).
There are hosted private clouds, which are offered by a third party cloud provider, and
internal private clouds, which are managed and maintained by an organization internally.
What is multitenancy?
Because multiple organizations share a public cloud, multiple organizations will sometimes
be using the same physical server at the same time. This is called multitenancy.
Multitenancy is when multiple customers of a cloud provider are accessing the same server.
Data from two different companies could be stored on the same server, or processes from two
different applications could be running on the same server.
Pros:
• Cost savings: Moving to a public cloud is a way for companies to cut down IT operations
costs. Essentially, they are outsourcing these costs to a third party who can handle them
more efficiently. Public clouds also typically cost less than private clouds, because the
cloud provider is able to maximize their use of hardware and their profits by selling their
services to multiple customers at once.
• Less server management: If an organization uses a public cloud, internal teams don't have
to spend time managing servers – as they do for legacy on-premises data centers or for
internal private clouds.
• Security: Many small and medium sized businesses may not have the resources to
implement strong security measures. By using a public cloud service, they can outsource
some aspects of cyber security to a larger provider with more resources.
Cons:
• Security and compliance concerns: Multitenancy might be a concern for businesses that
need to meet strict regulatory compliance standards. Multitenancy also comes with a very
small risk of data leakage, which may be more risk than some businesses in specialized
fields are willing to tolerate. (In fact, the risk is minuscule; most cloud providers follow
extremely high security standards.) Finally, it can be difficult to deploy the same security
policies both for an organization's internal resources and for a public cloud that is
somewhat outside of an organization's control (especially during a cloud migration).
• Vendor lock-in: This is always a concern with cloud technology. An organization that uses
the cloud will save money and become more flexible, but it can also end up reliant upon
the cloud vendor's services – the virtual machines, storage, applications, and technologies
they provide – in order to maintain their business operations.
A private cloud is a cloud service that is exclusively offered to one organization. By using a
private cloud, an organization can experience the benefits of cloud computing* without
sharing resources with other organizations.
A private cloud can either be inside an organization or remotely managed by a third party and
accessed over the Internet (but unlike a public cloud, it is not shared with anyone).
*Cloud computing is the practice of hosting computational services in remote servers that can
be accessed over the Internet.
Think of public cloud computing as being like a laundromat. Typically, a laundromat has
enough machines for everyone to do the laundry they need, even though it is shared by
multiple strangers.
A private cloud is like a laundromat that belongs to just one person, and only that person has
access to it. In this way, the owner can run as many loads of laundry as they need and be
assured that no one else has access to their laundry.
Private clouds and public clouds both use cloud technologies like virtualization and share
characteristics such as scalability and broad access. The main difference between them is that
a public cloud can be accessed by multiple customers of the cloud vendor, while a private
cloud is only accessible to one organization.
Some businesses may prefer to use a private cloud, especially if they have extremely high
security standards. Using a private cloud eliminates intercompany multitenancy (there will
still be multitenancy among internal teams) and gives a business more control over the cloud
security measures that are put in place.
However, it may cost more to deploy a private cloud, especially if the business is managing
the private cloud themselves. Often, organizations that use private clouds will end up with a
hybrid cloud deployment, incorporating some public cloud services for the sake of efficiency.
A hosted private cloud is off-premise instead of on-premise, meaning the cloud servers are
not physically located on the grounds of the organization using them. Instead, a third party
manages and hosts the cloud remotely.
Without a working connection between clouds, an organization is not running a hybrid cloud
– they are merely running two or more separate cloud environments in parallel, and they
won't reap the benefits of hybrid cloud deployments.
For example, multiple business processes in an organization require the user authentication
functionality. Instead of rewriting the authentication code for all business processes, you can
create a single authentication service and reuse it for all applications. Similarly, almost all
systems across a healthcare organization, such as patient management systems and electronic
health record (EHR) systems, need to register patients. These systems can call a single,
common service to perform the patient registration task.
What are the benefits of service-oriented architecture?
Service-oriented architecture (SOA) has several benefits over the traditional monolithic
architectures in which all processes run as a single unit. Some major benefits of SOA include
the following:
Developers reuse services across different business processes to save time and costs. They
can assemble applications much faster with SOA than by writing code and performing
integrations from scratch.
Efficient maintenance
It’s easier to create, update, and debug small services than large code blocks in monolithic
applications. Modifying any service in SOA does not impact the overall functionality of the
business process.
Greater adaptability
SOA is more adaptable to advances in technology. You can modernize your applications
efficiently and cost effectively. For example, healthcare organizations can use the
functionality of older electronic health record systems in newer cloud-based applications.
There are no well-defined standard guidelines for implementing service-oriented architecture
(SOA). However, some basic principles are common across all SOA implementations.
Interoperability
Each service in SOA includes description documents that specify the functionality of the
service and the related terms and conditions. Any client system can run a service, regardless
of the underlying platform or programming language. For instance, business processes can
use services written in both C# and Python. Since there are no direct interactions, changes in
one service do not affect other components using the service.
Loose coupling
Abstraction
Clients or service users in SOA need not know the service's code logic or implementation
details. To them, services should appear like a black box. Clients get the required information
about what the service does and how to use it through service contracts and other service
description documents.
Granularity
Services in SOA should have an appropriate size and scope, ideally packing one discrete
business function per service. Developers can then use multiple services to create a
composite service for performing complex operations.
Service
Services are the basic building blocks of SOA. They can be private—available only to
internal users of an organization—or public—accessible over the internet to all. Individually,
each service has three main features.
Service implementation
The service implementation is the code that builds the logic for performing the specific
service function, such as user authentication or bill calculation.
Service contract
The service contract defines the nature of the service and its associated terms and conditions,
such as the prerequisites for using the service, service cost, and quality of service provided.
Service interface
In SOA, other services or systems communicate with a service through its service interface.
The interface defines how you can invoke the service to perform activities or exchange data.
It reduces dependencies between services and the service requester. For example, even users
with little or no understanding of the underlying code logic can use a service through its
interface.
Service provider
The service provider creates, maintains, and provides one or more services that others can
use. Organizations can create their own services or purchase them from third-party service
vendors.
Service consumer
The service consumer requests the service provider to run a specific service. It can be an
entire system, application, or other service. The service contract specifies the rules that the
service provider and consumer must follow when interacting with each other. Service
providers and consumers can belong to different departments, organizations, and even
industries.
Service registry
A service registry, or service repository, is a network-accessible directory of available
services. It stores service description documents from service providers. The description
documents contain information about the service and how to communicate with it. Service
consumers can easily discover the services they need by using the service registry.
How does service-oriented architecture work?
In service-oriented architecture (SOA), services function independently and provide
functionality or data exchanges to their consumers. The consumer requests information and
sends input data to the service. The service processes the data, performs the task, and sends
back a response. For example, if an application uses an authorization service, it gives the
service the username and password. The service verifies the username and password and
returns an appropriate response.
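The request/response exchange described above, combined with the service contract, interface, registry, provider and consumer roles from the preceding sections, as an added example that is not part of the original notes. All class and function names, the sample account and the PBKDF2 work factor are assumptions made for illustration; the notes do not say how the service verifies passwords.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class ServiceContract:
    """Service contract: the description document stored in the registry."""
    name: str
    description: str
    request_fields: tuple
    response_fields: tuple


class ServiceRegistry:
    """Service registry: directory where consumers discover services."""

    def __init__(self):
        self._entries = {}

    def publish(self, contract, interface):
        self._entries[contract.name] = (contract, interface)

    def discover(self, name):
        return self._entries[name]


class AuthenticationService:
    """Service implementation: consumers never touch this class directly."""

    ITERATIONS = 100_000  # constructed work factor for the example

    def __init__(self):
        self._users = {}  # username -> (salt, derived key); no plaintext stored
        # Dummy record so unknown usernames cost the same work as known ones.
        self._dummy = (os.urandom(16), os.urandom(32))

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def enroll(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._derive(password, salt))

    def authenticate(self, request):
        """Service interface: the single entry point published to consumers."""
        username = str(request.get("username", ""))
        password = str(request.get("password", ""))
        salt, expected = self._users.get(username, self._dummy)
        matches = hmac.compare_digest(self._derive(password, salt), expected)
        # Same response for a bad password and an unknown user.
        return {"authenticated": matches and username in self._users}


AUTH_CONTRACT = ServiceContract(
    name="authentication",
    description="Verifies a username and password",
    request_fields=("username", "password"),
    response_fields=("authenticated",),
)


def build_registry():
    """Service provider side: create the service and publish it."""
    service = AuthenticationService()
    service.enroll("alice", "correct horse battery staple")  # constructed account
    registry = ServiceRegistry()
    registry.publish(AUTH_CONTRACT, service.authenticate)
    return registry


def consumer_login(registry, username, password):
    """Service consumer side: discover the service, then call its interface."""
    contract, call = registry.discover("authentication")
    request = dict(zip(contract.request_fields, (username, password)))
    return call(request)


if __name__ == "__main__":
    reg = build_registry()
    # Two business processes reuse the one service instead of their own code.
    for process in ("patient-management", "ehr"):
        print(process, consumer_login(reg, "alice", "correct horse battery staple"))
    print("bad password", consumer_login(reg, "alice", "guess"))
    print("unknown user", consumer_login(reg, "mallory", "guess"))
```

Because every consumer goes through the one published interface, the password-handling logic can be audited and hardened in a single place.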
Communication protocols
Services communicate using established rules that determine data transmission over a
network. These rules are called communication protocols. Some standard protocols to
implement SOA include the following:
You can even use more than one protocol in your SOA implementation.
An enterprise service bus (ESB) is software that you can use when communicating with a
system that has multiple services. It establishes communication between services and service
consumers no matter what the technology.
Benefits of ESB
Limited scalability
System scalability is significantly impacted when services share many resources and need to
coordinate to perform their functionality.
Increasing interdependencies
Service-oriented architecture (SOA) systems can become more complex over time and
develop several interdependencies between services. They can be hard to modify or debug if
several services are calling each other in a loop. Shared resources, such as centralized
databases, can also slow down the system.
Single point of failure
For SOA implementations with an ESB, the ESB creates a single point of failure. It is a
centralized service, which goes against the idea of decentralization that SOA advocates.
Clients and services cannot communicate with each other at all if the ESB goes down.
The microservices architectural style is best suited to modern cloud computing environments.
They often operate in containers—independent software units that package code with all its
dependencies.
Benefits of microservices