In 2011, the National Institute of Standards and Technology (NIST), a branch of the U.S. Department of Commerce, published its definition of cloud computing. The abstract reads:
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
In 2012, the NIST published a document containing its synopsis and recommendations concerning cloud computing. That document contains the following diagram, which depicts public cloud infrastructure.
The highest-level categorization of cloud services is based on the type of computing capability that is provided. Any given cloud service may be categorized as one of three service models, namely Software as a Service (SaaS), Platform as a Service (PaaS), or Infrastructure as a Service (IaaS).
The NIST asserts that cloud computing is characterized by five essential characteristics:
- On-demand self-service. Customers can unilaterally provision computing capabilities such as server time and network storage. Such provisioning occurs as needed, and automatically, without necessitating human interaction with each cloud computing service provider.
- Broad network access. Computing capabilities are available over the network and are accessed through standard mechanisms – such as application programming interfaces (APIs) or data protocols – that promote use by a variety of thin or thick client platforms (e.g. mobile phones, tablets, laptops, and workstations).
- Resource pooling. The provider's computing resources are pooled to serve multiple customers using a multi-tenant model, with different physical and virtual resources dynamically assigned and re-assigned according to consumer demand and platform constraints. Although customers may opt to use data centers which are closer to them to reduce latency or for other reasons, pooled computing resources result in a sense of location independence, in that the customer generally has no control over or knowledge of the precise location of the computing resources they utilize. Examples of pooled resources include storage, processing, memory, and network bandwidth.
- Rapid elasticity. Capabilities can be elastically provisioned and released, in certain cases automatically, to rapidly scale outward and inward according to demand. To the consumer of cloud computing services, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
- Measured service. Cloud systems automatically control and optimize resource use by metering their capabilities at a level of abstraction unique to each type of service. (Examples include measuring and charging for data storage according to how much data a customer stores on a cloud platform, or charging for a certain level of memory allocation.) Because resource use is measured, controlled, and reported, cloud computing platforms provide transparency for both the provider and consumer of the service.
Cloud infrastructure is defined as the collection of hardware and software which collectively enable the five essential characteristics of cloud computing. Cloud infrastructure typically contains a physical layer – consisting of the actual computer hardware and its support systems (cooling, electricity, network connectivity, etc.) – and an abstraction layer consisting of software deployed across the physical layer, which manifests the five essential cloud characteristics.
The NIST specified three different service models for cloud computing services:
- Software as a Service (SaaS). The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure. SaaS applications are accessible from client interfaces such as a web browser or program interface. The customer does not manage or control the underlying cloud infrastructure, but may have a limited set of user-configurable settings.
- Platform as a Service (PaaS). The capability provided to consumers of platform services is to deploy software onto cloud infrastructure using the programming languages, libraries, services, and tools supported by the cloud platform provider. The user does not control or manage the underlying cloud infrastructure itself, but does have control over the deployed applications and possibly configuration settings for the application-hosting environment.
- Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications, and possibly limited control of select networking components (e.g., host firewalls).
The essential characteristics and service models of cloud computing necessitate the implementation of access control mechanisms to maintain system integrity and reduce exposure to malicious actors. The following diagram displays the scope of access control entailed by the various service models of cloud computing.
The NIST's definition details four different deployment models for cloud computing:
- Private cloud. In a private cloud environment, the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers. It may be owned, managed, and operated by the organization, a third party, or some combination of them. Infrastructure may exist on or off premises.
- Community cloud. Cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g. mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.
- Public cloud. The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
- Hybrid cloud. The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
- Cloud computing synopsis and recommendations. M L Badger, T Grance, R Patt-Corner, J Voas
- Evaluation of Cloud Computing Services Based on NIST SP 800-145
- NIST cloud computing reference architecture. Fang Liu, Jin Tong, Jian Mao, Robert Bohn, John Messina, Lee Badger, Dawn Leaf
- The NIST definition of cloud computing. P M Mell, T Grance