I remember being entertained by Larry Ellison's Cloud Computing rant back in 2009 (view the YouTube clip here for a laugh!) in which he pointed out that cloud was really just processors and memory and operating systems and databases and storage and the internet. While Larry was making a valid point, and he also made a point about IT being a fashion-driven industry, the positive goals of Cloud Computing should by now be much clearer to everyone.
When we talk about Cloud Computing it's probably important that we try to work from a common understanding of what Cloud is and what the terms mean, and that's where NIST comes in.
The National Institute of Standards and Technology (NIST) is an agency of the US Department of Commerce. In 2011, two years after Larry Ellison's outburst, and after many drafts and many years of research and discussion, NIST published their 'Cloud Computing Definition' stating:
"The definition is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion from what is cloud computing to how best use cloud computing".
"When agencies or companies use this definition they have a tool to determine the extent to which the information technology implementations they are considering meet the cloud characteristics and models. This is important because by adopting an authentic cloud, they are more likely to reap the promised benefits of cloud - cost savings, energy savings, rapid deployment and customer empowerment".
The definition lists the five essential characteristics, the three service models and the four deployment models. I have summarised them in this blog post so as to do my small bit in encouraging the adoption of this definition as widely as possible to give us a common language and measuring stick for assessing the value of Cloud Computing.
The five essential characteristics
1. On-demand self service
A consumer can unilaterally provision computing capabilities without requiring human interaction with the service provider.
2. Broad network access
Support for a variety of client platforms including mobile phones, tablets, laptops and workstations.
3. Resource pooling
The provider's computing resources are pooled under a multi-tenant model, with physical and virtual resources dynamically assigned according to demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g. country, state, or datacenter).
4. Rapid elasticity
Capabilities can be elastically provisioned and released commensurate with demand. Scaling is rapid and can appear to be unlimited.
Service usage (e.g. storage, processing, bandwidth, active user accounts) can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the service.
The three services models
1. Software as a Service (SaaS)
The consumer uses the provider's applications, accessible from client devices through either a thin client interface, such as a web browser (e.g. web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
2. Platform as a Service (PaaS)
The consumer deploys consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
3. Infrastructure as a Service (IaaS)
Provisioning processing, storage, networks etc, where the consumer can run a range of operating systems and applications. The consumer does not manage the underlying infrastructure but has control over operating systems, storage, and deployed applications and possibly limited control of networking (e.g. host firewalls).
Note that NIST has resisted the urge to go on to define additional services such as Backup as a Service (BaaS), Desktop as a Service (DaaS), Disaster Recovery as a Service (DRaaS) etc, arguing that these are already covered in one way or another by the three 'standard' service models. This does lead to an interesting situation where one vendor will offer DRaaS or BaaS effectively as an IaaS offering, and another will offer it under more of a SaaS or PaaS model.
The four deployment models
1. Private cloud
The cloud infrastructure is provisioned for exclusive use by a single organisation comprising multiple consumers (e.g. business units). It may be owned, managed, and operated by the organisation, a third party, or some combination of them, and it may exist on or off premises.
2. Community cloud
The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organisations that have shared concerns (e.g. mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organisations in the community, a third party, or some combination of them, and it may exist on or off premises.
3. Public cloud
The cloud infrastructure is provisioned for open use by the general public. It exists on the premises of the cloud provider.
4. Hybrid cloud
The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are connected to enable data and application portability (e.g. cloud bursting for load balancing between clouds).
The NIST reference architecture also talks about the importance of the brokering function, which allows you to seamlessly deploy across a range of internal and external resources according to the policies you have set (e.g. cost, performance, sovereignty, security).
The NIST definition of Cloud Computing is the one adopted by ViFX and it is the simplest, clearest, and best-researched definition of Cloud Computing I have come across.
High priority requirementsOn 22nd October 2014 NIST published a new document "US Government Cloud Computing Technology Roadmap" in two volumes which identifies ten high priority requirements for Cloud Computing adoption across the five areas of:
- Standards-based products, processes, and services are essential to ensure that a) technology investments do not become prematurely obsolete, b) agencies can easily change cloud service providers, and c) agencies can economically acquire or develop private clouds.
- Security technology solutions must be able to accommodate a wide range of business rules.
- Service-Level Agreements for performance and reliability should be clearly defined and enforceable.
- Standardisation and clear categorisation/naming of cloud services are required to make it easier for agencies to compare apples to apples.
- Mechanisms are required to support federation of clouds in a community environment e.g. two organisations sharing resources across each of their private/community clouds.
- Business and technology policies should be clear regarding data location and sovereignty issues to avoid technology solution limits becoming the de facto drivers of policy.
- Solutions are required to cover the special requirements of US Federal Government that are not currently available from commercial cloud services.
- Nation-scale technology is required including high security and emergency systems for US Federal Government, outside of the hands of proprietary companies.
- Industry needs to define and implement reliability design goals, best practices, and related measurement and reporting processes so as to avoid the risk of major design flaws and catastrophic failures.
- Cloud service metrics need to be standardised so that cloud services can be sized and consumed with a high degree of predictability.
These are all worthwhile requirements, and there's also a loopback here to some of Larry Ellison's comments. Larry spoke about seeing value in rental arrangements, but also touched on the importance of innovation. NIST is trying to standardise and level the playing field to maximise value for customers, but history tells us that vendors will try to innovate to differentiate themselves. For example, with the launch of VMware's vCloud Air we are seeing the dominant player in infrastructure management software today staking its claim to establish itself as the de facto software standard for hybrid cloud. But that is really a topic for another day...
What do you think about this definition of Cloud Computing? Do you agree? And do you see value in having a common understanding and definition? Let us know your thoughts.