KCS 713 Unit 3 Lecture 2

Uploaded by

piyushpandat035

Subject Name :- Cloud Computing
Subject Code :- KCS 713
Unit No. :- 3
Lecture No. :- 1
Topic Name :- NIST Cloud Computing Reference Architecture
Contents
1. Changing requirement and roles
2. Architecture for Elasticity
3. NIST Cloud Conceptual Reference Model
4. Important Questions
5. References
Changing requirement and roles

Changes are required in IT and software architecture in areas such as:

• Data (storage, distribution)
• High processing computation
• Transactions computing
• Caching
• Workflows
• Access control
• Service Level Agreement requirements
Architecture for Elasticity
• Vertical Scale-Up
  – Keep adding resources to a single unit to increase its computation power.
  – Process the job on a single computation unit with high resources.
• Horizontal Scale-Out
  – Keep adding discrete resources for computation and make them behave as a single converged unit.
  – Split the job across multiple discrete machines and combine the output.
  – Distribute the database.

• For HPC, the second option is better than the first, because the complexity and cost of the first option are very high.
Cloud Conceptual Reference Model

• Cloud High-level architecture


• Five major actors with their roles, responsibilities, activities and functions in
cloud computing.
• Understanding of the requirements, uses, characteristics and standards of cloud
computing.
• Cloud Consumer
• Cloud Provider
• Cloud Broker
• Cloud Auditor
• Cloud Carrier

NIST Cloud Computing Reference Architecture


Cloud Service Characteristics

• On demand self-service
• Broad network access
• Resource pooling
• Rapid elasticity
• Measured service

Cloud Provider – Service Deployment
• A cloud system can be operated in one of the following four deployment models:
– Private cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the
organization or a third party and may exist on premise or off premise.

– Community cloud: The cloud infrastructure is shared by several organizations and supports a specific
community that has shared concerns (e.g., mission, security requirements, policy, and compliance
considerations). It may be managed by the organizations or a third party and may exist on premise or
off premise.

– Public cloud: The cloud infrastructure is made available to the general public or a large industry group and
is owned by an organization selling cloud services.

– Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or
public) that remain unique entities but are bound together by standardized or proprietary technology that
enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Information Technology Laboratory Cloud Computing Program
Cloud Provider – Service Orchestration
• Service Orchestration refers to the arrangement, coordination and management of cloud
infrastructure to provide different cloud services to meet IT and business requirements.

• The three conceptual layers of a generalized cloud environment:


– Service Layer: Defines the basic services provided by cloud providers.
• SaaS: Deployed applications targeted towards end-user software clients or other programs, and made available via the
cloud.
• PaaS: Services for consumers to develop and deploy applications onto the cloud infrastructure, including application
containers, application development tools, database management systems, etc.
• IaaS: The provisioning of processing, storage, networks, and other fundamental computing resources upon which
cloud consumers can deploy and run applications on the cloud infrastructure.
– Resource Abstraction and Control Layer: Entails software elements, such as hypervisor, virtual machines,
virtual data storage, and supporting software components, used to realize the infrastructure upon which a
cloud service can be established, and the associated function modules that manage the abstracted resources
to ensure efficient, secure and reliable usage.
• While virtual machine technology is commonly used at this layer, other means of providing the
necessary software abstractions are not precluded. This layer provides “cloud readiness” with the five
characteristics defined in the NIST Cloud Definition.
Cloud Provider – Cloud Service Management
– Physical Resource Layer: Includes all the physical resources, such as:
• Hardware: Computers (CPU, memory), network (router, firewall, switch, network link and
interface), storage components (hard disk), and other physical computing infrastructure
elements.
• Facility: HVAC, power, communications, and other aspects of the physical plant.

• Cloud Service Management includes all the service-related functions that are necessary for the
management and operations of those services required by or proposed to cloud consumers.

• A cloud provider performs the following functions to support cloud service management: Business
Support, Provisioning/Configuration, and Portability/Interoperability.
Cloud Provider – Cloud Service Management

• Business Support: Entails the set of business-related services dealing with clients and supporting
processes such as taking orders, processing bills, and collecting payments. It includes the
components used to run business operations that are client-facing.
– Customer management: Manage customer accounts, open/close/terminate accounts, manage user profiles,
manage customer relationships by providing point-of-contact and resolution for customer issues and
problems, etc.
– Contract management: Manage service contract, setup/close/terminate contract, etc.
– Inventory Management: Set up and manage service catalogs, etc.
– Accounting and Billing: Manage customer billing information, send billing statements, process received
payments, track invoices, etc.
– Reporting and Auditing: Monitor user operations, generate reports, etc.
– Pricing and Rating: Evaluate cloud services and determine prices, handle promotions and pricing rules
based on a user's profile, etc.
Cloud Provider – Cloud Service Management
• Provisioning/Configuration
– Rapid provisioning: Automatically deploying cloud systems based on the requested
service/resources/capabilities.
– Resource changing: Adjusting configuration/resource assignment for repairs, upgrades and joining new
nodes into the cloud.
– Monitoring and Reporting: Discovering and monitoring virtual resources, monitoring cloud operations and
events and generating performance reports.
– Metering: Providing a metering capability at some level of abstraction appropriate to the type of service (e.g.,
storage, processing, bandwidth, and active user accounts).
– SLA management: Encompassing the SLA contract definition (basic schema with the QoS parameters), SLA
monitoring and SLA enforcement according to defined policies.
Cloud Provider – Cloud Service Management
• Portability/Interoperability:
– Portability: 1. The ability to transfer data from one system to another without being required to recreate or reenter data
descriptions or to modify significantly the application being transported. 2. The ability of software or of a system to run on more
than one type or size of computer under more than one operating system. [Federal Standard 1037C]
– Interoperability: The capability to communicate, execute programs, or transfer data among various functional units under
specified conditions. [ANSDIT]
– Cloud Providers should provide mechanisms to support:
• Data Portability
– Copy data to-from: Copy data objects into/out of a cloud.
– Bulk data transfer: Use a disk for bulk transfer.
• Service Interoperability
– Allow cloud consumers to use their data and services across multiple cloud providers with a unified and
enhanced management interface.
• System portability
– VM images migration: Migrate a fully-stopped VM instance or machine image from one
provider to another provider.
– Application/Service migration: Migrate application/service and current contents from one service provider to
another provider.
Cloud Providers – Security & Privacy
• Security
– Authentication and Authorization: Authenticate and authorize cloud consumers using credentials that have been established
previously.
– Availability: Ensure timely and reliable access to and use of information.
– Confidentiality: Protect the confidentiality of the data objects written into clouds by preserving authorized restrictions on
access and disclosure.
– Identity management: Enforce identity and access control policies on users accessing cloud.
– Integrity: Guard against improper information modification or destruction, and include ensuring information non-repudiation
and authenticity.
– Security monitoring & Incident Response: Conduct ongoing automated monitoring of the cloud provider infrastructure to
demonstrate compliance with cloud-consumer security policies and auditing requirements.
– Security policy management: Configure/generate/enforce/audit/update security policies on users accessing clouds.
• Privacy
– Protect the assured, proper, and consistent collection, processing, communication, use and disposition of personal information
(PI) and personally identifiable information (PII) on the cloud.
Cloud Auditor
• Cloud Auditor: A party that can conduct independent assessment of cloud services, information
system operations, performance and security of the cloud implementation.
• A cloud auditor can evaluate the services provided by a cloud provider in terms of security controls,
privacy impact, performance, etc.
– For security auditing, a cloud auditor can make an assessment of the security controls in the
information system to determine the extent to which the controls are implemented correctly,
operating as intended, and producing the desired outcome with respect to meeting the security
requirements for the system.
• Auditing is especially important for federal agencies and “agencies should
include a contractual clause enabling third parties to assess security controls of cloud providers” (by
Vivek Kundra, Federal Cloud Computing Strategy, Feb. 2011.).
Cloud Broker
• Cloud Broker: An entity that manages the use, performance and delivery of cloud services and
negotiates relationships between Cloud Providers and Cloud Consumers.
• As cloud computing evolves, the integration of cloud services can be too complex
for cloud consumers to manage.
• The major services provided by a cloud broker include:
– Service Intermediation: A cloud broker enhances a given service by improving some specific capability
and provides the value-added service to cloud consumers.
– Service Aggregation: A cloud broker combines and integrates multiple services into one or more new services.
The broker will provide data integration and ensure the secure data movement between cloud consumer and
multiple cloud providers.
– Service Arbitrage: Service arbitrage is similar to service aggregation, with the difference that the services
being aggregated aren’t fixed. Service arbitrage allows flexible and opportunistic choices for the broker. For
example, the cloud broker can use a credit-scoring service and select the best score from multiple scoring
agencies.
Cloud Carrier

• Cloud Carrier: The intermediary that provides connectivity and transport of cloud services between
Cloud Providers and Cloud Consumers.
– Provide access to cloud consumers through network, telecommunication and
other access devices.
• Example: Network access devices include computers, laptops, mobile phones, mobile
internet devices (MIDs), etc.
– Distribution can be provided by network and telecomm carriers or a transport
agent.
• Transport agent: A business organization that provides physical transport of storage media
such as high-capacity hard drives.
– A cloud provider shall set up SLAs with a cloud carrier to provide a consistent level of service. In
general, the cloud carrier may be required to provide dedicated and encrypted connections.
Important Questions

1. What do you mean by software as a service?


2. What is the platform as a service?
3. What is the difference between scalability and elasticity?
4. What are the advantages of cloud services?
5. Explain the difference between cloud and traditional data centers.
References
• Dan C Marinescu: “Cloud Computing Theory and Practice”, Elsevier (MK) 2013.
• Rajkumar Buyya, James Broberg, Andrzej Goscinski: “Cloud Computing Principles and Paradigms”, Wiley 2014.
• Kai Hwang, Geoffrey C Fox and Jack J Dongarra: “Distributed and cloud computing”, Elsevier (MK) 2012.
• John W Rittinghouse, James F Ransome: “Cloud Computing Implementation, Management and Security”, CRC Press 2013.
