Cloud computing enables the on-demand means through which computing resources, e.g. networks, servers, storage, applications, business processes and collaboration, can be rapidly provisioned and released with minimal management overheads.
Cloud computing has six essential characteristics: Rapid elasticity and the ability to scale up and down, On demand self-service provisioning and automatic de-provisioning, Application programming interfaces (APIs), Broad network access, Billing and metering of service usage in a pay-as-you-go model and Monitoring and Reporting services. This flexibility is what is attracting businesses and individuals to move to the cloud.
Over the past few years, companies have been using cloud services and are becoming comfortable with entrusting their entire customer base, information and internal processes to third-party cloud service providers. This growing trust has led to widespread adoption of cloud services to realise the following benefits:
- Reducing Costs: Corporate servers are estimated to run at only 15 percent capacity. Pay-per-use services can reduce or eliminate these investments as well as the cost of maintaining them. Costs are paid incrementally and not upfront. Running in-house servers as clouds can increase utilization of existing investments and store more data than on private computer systems. No software needs to be installed on the desktop, saving time and money for IT departments and end-users.
- Mobility: Data is stored in the cloud and therefore users can access their applications anywhere from any device with an Internet connection.
- Agility: Enterprises can rapidly scale up or scale down on an as-needed basis and pay only for what they use. In the past, scaling service delivery could take months. It can now be done in minutes.
- Focus: IT departments can spend less time on deployment and maintenance and instead focus on more strategic initiatives and innovation.
With these four primary benefits, businesses will find moving to the cloud an increasingly promising proposition. However, before an organization migrates data, applications or services to the Cloud it must understand its own ICT environment and processes and, where necessary, undertake application rationalization and transformation activities. This will allow the organization to understand which applications, services and data are key to its business objectives, determine any duplication of functionality across applications/services and determine those that need to be:
- Rehosted (for IaaS Hardware)
- Refactored (for IaaS Software and PaaS)
- Revised (for IaaS Hardware or PaaS)
- Rebuilt (on PaaS)
- Replaced (with SaaS)
- Retired.
Cloud computing is delivered via three service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). Table 1 provides a description of these services as described by the NIST Cloud Reference Architecture.
| Service Layer | Service Consumer Activities | Service Provider Activities |
|---|---|---|
| IaaS | Creates/installs, manages and monitors services for IT infrastructure operations | Provisions and manages the physical processing, storage, networking and the hosting environment and cloud infrastructure for IaaS consumers. |
| PaaS | Develops, tests, deploys and manages applications hosted in a cloud environment | Provisions and manages cloud infrastructure and middleware for the platform consumers; provides development, deployment and administration tools to platform consumers. |
| SaaS | Uses application/service for business process operations | Installs, manages, maintains and supports the software application on a cloud infrastructure |

Table 1: NIST Cloud Reference Architecture - Cloud Service Domains
The integrated IaaS, PaaS and SaaS layered framework is shown in Figure 1 with regards to the NIST Cloud Reference Architecture.
The IaaS, PaaS and SaaS models are deployed within:
- Private Clouds: The service is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.
- Community Clouds: The services are shared by several organizations and support a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
- Public Clouds: The service is made available to the general public or a large industry group and is owned by an organization selling cloud services.
- Hybrid Clouds: The service is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.
The Cloud Service Broker (CSB) provides organizations with a single point of entry into multiple clouds. CSBs exist to eliminate the complexity of managing the data integration requirements of interconnected systems and multiple connections by interfacing to the other clouds on behalf of their customers, the Cloud Consumers.
The CSB will help companies choose the right platform, deploy applications and integrate data across multiple clouds, and provide cloud arbitration services that allow end users to migrate between platforms to capture the best pricing and Service Level Agreements that fit the cloud consumer's business objectives. CSBs are able to rise to meet this challenge by applying unique data integration, information management, data security, compliance and governance policies, together with maintaining the relationships between the Cloud Consumers (end users) and the Service Providers.
Cloud Service providers can manage all of an organization’s external and internal cloud connections whilst enriching the data integration process and data migration issues. Cloud Services are being provided via a vast range of providers to satisfy various business services, application and integration capabilities across the IaaS, PaaS and SaaS domains as shown in Figure 2.
Figure 2 - CSB Framework Capabilities
The Security Services are integrated across the layered Cloud Framework as shown in Figure 2. The objectives of the Security Services are to implement single sign-on, federated identity and role based access control (RBAC) within a multi-tenant environment. The Security and Access Control Services provide:
- Access Controls
- Trust/Assurance
- Integrity including encryption of data
- Confidentiality
- Reputation
- Claims-based
- Security Token Services (STS).
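To make the list above concrete, here is an added example (not code from the article or from any CSB product) of the decision a broker's Security Services would take on a request carrying a token issued by its Security Token Service (STS): the issuer is checked, the token's validity window is checked, the tenant claim is matched against the tenant whose resources are requested, and only then are the role claims mapped to permitted actions. The issuer URL, claim names, role names and permission table are assumptions; token signature verification is assumed to have already happened.

```python
"""Added example, not code from the article: a claims-based, tenant-scoped
RBAC decision of the kind a CSB's Security Services would apply to a request
carrying a token issued by its Security Token Service (STS). The issuer URL,
claim names, role names and permission table are assumptions."""
from dataclasses import dataclass

# Assumed role -> permitted actions mapping; unknown roles grant nothing.
ROLE_PERMISSIONS = {
    "tenant-admin": {"read", "write", "provision", "deprovision"},
    "developer": {"read", "write"},
    "auditor": {"read"},
}

# Assumed set of STS issuers the broker trusts (its own STS and federated IdPs).
TRUSTED_ISSUERS = {"https://sts.broker.invalid"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(claims: dict, tenant: str, action: str, now: int) -> Decision:
    """Decide whether the validated claims in an STS token permit `action`
    on resources belonging to `tenant` at unix time `now`.
    Signature verification of the token is assumed to have happened already;
    this function only evaluates the claims it carries."""
    # 1. Tokens from issuers the broker does not trust are rejected outright.
    if claims.get("iss") not in TRUSTED_ISSUERS:
        return Decision(False, "untrusted issuer")
    # 2. An expired token grants nothing, whatever roles it names.
    if claims.get("exp", 0) <= now:
        return Decision(False, "token expired")
    # 3. Tenant isolation: a token is scoped to exactly one tenant, and a
    #    request for another tenant's resources is denied before roles are read.
    if claims.get("tenant") != tenant:
        return Decision(False, "tenant mismatch")
    # 4. RBAC: union the permissions of every role claim, deny by default.
    permitted = set()
    for role in claims.get("roles", []):
        permitted |= ROLE_PERMISSIONS.get(role, set())
    if action not in permitted:
        return Decision(False, f"roles {sorted(claims.get('roles', []))} lack '{action}'")
    return Decision(True, "ok")


if __name__ == "__main__":
    # Constructed sample claims, as an STS would issue after a federated login.
    now = 1_700_000_000
    token_claims = {"iss": "https://sts.broker.invalid", "exp": now + 600,
                    "tenant": "acme", "roles": ["developer"]}
    for tenant, action in [("acme", "write"), ("acme", "provision"), ("globex", "read")]:
        print(tenant, action, authorize(token_claims, tenant, action, now))
```

The ordering of the checks is deliberate: issuer and expiry are cheap and reject the token as a whole, the tenant comparison enforces isolation before any role is consulted, and the role lookup is deny-by-default so a claim naming a role the broker does not know confers nothing.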
Auditing includes the import of security and systems logs from the Cloud Providers' systems and appropriate security reporting to the Cloud Consumers. Auditing should include the monitoring of patch management, supported versions of APIs, identity management services and access controls, cryptographic key management, network traffic and threat analysis services, and APIs for controlling and reporting on the infrastructure to mitigate malware and denial-of-service attacks.
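As an added illustration of that auditing loop (not code from the article or from any provider), the following importer normalizes a constructed batch of provider-side audit events and checks three of the items listed above: use of API versions outside the supported set, overdue cryptographic key rotation, and hosts whose patch level has fallen behind. The log schema, field names, supported-version list and thresholds are all assumptions; a deliberately malformed line is included to show that one bad record does not abort the import.

```python
"""Added example, not code from the article: a small audit importer that
normalizes constructed provider log lines and reports on three of the
items the text says auditing should cover: supported API versions,
cryptographic key rotation and patch currency. The log schema, field
names, version list and thresholds are assumptions, not any real
provider's format."""
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

SUPPORTED_API_VERSIONS = {"2023-06-01", "2024-01-15"}   # assumed supported versions
MAX_KEY_AGE = timedelta(days=90)                        # assumed key rotation policy
MAX_PATCH_LAG = timedelta(days=30)                      # assumed patch currency SLA

# Constructed sample of provider-side audit events, one JSON object per line.
# The third line is deliberately malformed to show the importer skipping it.
SAMPLE_LOG = """\
{"ts":"2024-03-01T10:00:00Z","type":"api_call","tenant":"acme","api_version":"2024-01-15","action":"CreateVolume","result":"ok"}
{"ts":"2024-03-01T10:01:00Z","type":"api_call","tenant":"acme","api_version":"2021-02-01","action":"ListBuckets","result":"ok"}
this line is not JSON
{"ts":"2024-03-01T10:02:00Z","type":"api_call","tenant":"globex","api_version":"2024-01-15","action":"DeleteVolume","result":"denied"}
{"ts":"2024-03-01T10:03:00Z","type":"key_rotated","tenant":"acme","key_id":"key-0001","rotated_at":"2023-11-01T00:00:00Z"}
{"ts":"2024-03-01T10:04:00Z","type":"patch_status","tenant":"globex","host":"vm-17","last_patched":"2024-02-20T00:00:00Z"}
{"ts":"2024-03-01T10:05:00Z","type":"patch_status","tenant":"acme","host":"vm-03","last_patched":"2023-12-01T00:00:00Z"}
"""

# Constructed time at which the audit is run.
NOW = datetime(2024, 3, 1, 12, 0, tzinfo=timezone.utc)


def _parse_ts(value: str) -> datetime:
    """Parse the 'Z'-suffixed UTC timestamps used in the sample log."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def import_log(text: str) -> list:
    """Parse JSON lines; a malformed line is skipped, not allowed to abort the import."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def audit(events: list, now: datetime) -> list:
    """Return (tenant, finding, detail) tuples for every event that breaches a check."""
    findings = []
    for e in events:
        kind = e.get("type")
        if kind == "api_call":
            if e["api_version"] not in SUPPORTED_API_VERSIONS:
                findings.append((e["tenant"], "unsupported_api_version", e["api_version"]))
            if e.get("result") == "denied":
                findings.append((e["tenant"], "access_denied", e["action"]))
        elif kind == "key_rotated":
            if now - _parse_ts(e["rotated_at"]) > MAX_KEY_AGE:
                findings.append((e["tenant"], "key_rotation_overdue", e["key_id"]))
        elif kind == "patch_status":
            if now - _parse_ts(e["last_patched"]) > MAX_PATCH_LAG:
                findings.append((e["tenant"], "patch_overdue", e["host"]))
    return findings


def findings_per_tenant(findings: list) -> dict:
    """Per-consumer summary, the shape a security report to each Cloud Consumer would take."""
    return dict(Counter(tenant for tenant, _, _ in findings))


if __name__ == "__main__":
    for finding in audit(import_log(SAMPLE_LOG), NOW):
        print(finding)
```

Each finding is keyed by tenant so the broker can report to every Cloud Consumer only the items concerning its own resources, which is the reporting boundary a multi-tenant broker has to keep.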
There are seven recognised Evaluation Assurance Levels, from EAL1 to EAL7, which progressively provide higher confidence that the system's security features are reliably implemented.
Managing the security risks in the interaction between cloud providers, consumers and brokers requires a process to provide an appropriate level of assurance. It is the cloud broker's responsibility to evaluate its risk appetite and determine the appropriate level of security required. This evaluation will be undertaken by the cloud broker when choosing a particular cloud provider, when selecting a security assurance level, or as part of the negotiation between the cloud broker and cloud provider. The cloud consumers would therefore select a Cloud Broker that provides the levels of assurance and protection that satisfy their security goals.
Provisioning and System Management is undertaken from a CSB perspective within a multi-tenant environment that enables service providers to centrally create, control, and deliver hosted services to the cloud consumers. It addresses critical operational challenges for provisioning, monitoring, metering, self-management and further integration into other applications in the service provider's environment. The key features provided include:
- Unified resource management: To centrally register, classify, view, and allocate all service-related resources such as physical servers, networking, bandwidth, and disk space as well as logical resources such as mailboxes and Web sites.
- Unified service provisioning: From a single platform, automatically provision complex service plans that combine various services and service level agreements. Cloud consumers can also order, request and be automatically provisioned with the requested services via a service catalogue. Service Consumers can also request the decommissioning of a service in real-time.
- Unified service monitoring: Comprehensive service resource monitoring and basic server monitoring capabilities ensure the smooth operation and delivery of services.
- Unified service metering: Robust service usage tracking makes it possible to capture physical and logical resource usage data across services, applications, servers, and consumer usage and activities.
The Cloud interface provides comprehensive resource management, provisioning, monitoring, metering and other capabilities for the effective monitoring of the overall health and availability of the platform. Alerting mechanisms should be implemented to inform administrators within the Cloud Consumer, Cloud Broker and Cloud Provider organizations when usage and threshold levels for resource types are reached. These threshold levels should be negotiable during the ordering process. Standard reports should be available either via the user's browser or be downloadable to the cloud consumer organization in an agreed format.
The applications and workloads that a cloud consumer presents to the cloud should be closely matched to the multi-tenant environment, so that the impact of the workload does not cause detrimental issues for the other tenants and other tenants' workloads do not constrain the throughput and latency requirements of the service providers supported by the CSB. Therefore the consumption of I/O and the ability to provide I/O should be monitored and appropriately balanced and apportioned.
Expanding the use of cloud services requires a high level of coordination and integration. There are various means of integrating with the Cloud Service Providers:
- Data Integration via synchronization, file transfer or bulk updates
- Business Services using Web Services/APIs
- Presentation layer by direct access to the application or via mash-ups.
However, Cloud Consumers will still need to continue to exchange information with existing third parties and clients accessing existing legacy systems through databases, flat files and other commercial interfaces, e.g. EDI.
The core integration functions include:
- Support for Multiple Protocols
- Support multiple Adapter/Connections
- Provide Synchronous and Asynchronous data transfer
- Provide Message Enrichment for end-to-end security
- Provide Business Process Management via Service Orchestration & Choreography
- Provide Error handling mechanisms.
Ultimately the panacea of the integration process would be to build, test and maintain the interfaces using a web browser based drag-and-drop visual flow tool and a development environment that integrates the various data sources, API calls, SQL queries, documents, file systems, data transformation and business rules. The tool should enable information processed with emails, documents, XML data or HTML/AJAX-based web applications to be easily configured using navigation capabilities and provide data extraction and data entry through a point-and-click interface much like a standard web browser.
There is no single method to connect one service consumer to all cloud provider services. Each cloud service provider has its own connection method, e.g. to interface to Amazon EC2 you have to connect via their web service architecture. If you then connect to Salesforce.com or any other service, you have to learn and implement their interface specifications. This takes a considerable amount of time and effort in trawling through the cloud provider's documentation and implementing and testing the interface/service. The lack of a uniform or standardized connection is a real bottleneck to working with multiple cloud service providers and can potentially lock the service consumer in to one service provider. However, standards are beginning to be agreed, e.g. IEEE P2302 - Standard for Intercloud Interoperability and Federation (SIIF) and the Distributed Management Task Force, but this will take time.
Virtualization technology enables application services to be moved between Virtual Machines (VMs) within a cloud platform or between cloud providers. Moving and migrating VMs from one cloud provider to another, or to a different hypervisor, and the potential limitations of the migration should be clearly defined by the Cloud Broker, e.g. can it be performed in real-time and what loss of service should be expected during the migration.
The CSB establishes a common business process that allows organizations to interact with all of these different services provided by various cloud providers and tie them together in an intelligible way so they can interact with one another and share data just as they did on premise, and also be more easily managed.
The NIST Cloud Reference Architecture describes three major services provided by a cloud broker:
- Service Arbitrage: Service arbitrage is similar to service aggregation, with the difference that the services being aggregated aren't fixed. Service arbitrage allows flexible and opportunistic choices for the broker. For example, the cloud broker can use a credit-scoring service and select the best score from multiple scoring agencies. The objective is to guarantee freedom of choice for consumers and to avoid potential lock-in.
- Service Intermediation: A cloud broker enhances a given service by improving some specific capability and provides the value-added service to cloud consumers. It matches customer demands with provider capabilities, e.g. functionality, integration, SLA, security etc.
- Service Aggregation: A cloud broker combines and integrates multiple services into one or more new services. The broker will provide data integration and ensure the secure data movement between the cloud consumer and multiple cloud providers. Combined services include, e.g., data cleansing and integration, data modelling, and service federation, e.g. identity and trust management.
Cloud Broker Services can be one of three types:
- Internal CSB: Established within an organization that manages the connections and relationships with external Cloud Providers and internally within backend business systems.
- External CSB: Manages the connections and relationships between many Cloud Providers and Cloud Consumers.
- Hybrid CSB: An Enterprise may manage its own Clouds using an internal CSB and external Clouds using an External CSB.
The ultimate aim is for the cloud broker to have the capability to decide and organize the least expensive combination of cloud components for efficient operation of customer systems, and to move cloud components around different clouds based on pricing, Quality of Service (QoS) and SLAs. The consumer will have one report and one billing interface instead of having to manage multiple cloud providers. Without the agility to migrate capability across different clouds, the consumer will be locked into a chosen provider.
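The service-arbitrage role described under the NIST broker services, and the least-cost placement just stated as the ultimate aim, can be illustrated with one added example (not code from the article or from any broker product). For each component of a customer system it enumerates the providers' offers, discards any combination that misses the customer's latency bound or whose combined availability (the product of the components' availabilities, since every component must be up) falls below the agreed SLA, and keeps the cheapest survivor; a second function turns the chosen placement into the set of components that must migrate. The providers, prices, availability figures and latency bounds are all constructed.

```python
"""Added example, not code from the article: brute-force service arbitrage
that picks, per component, the provider offer minimizing total price while
the combined availability still meets the customer's SLA and every component
meets its latency QoS bound. Offers, prices and SLA figures are constructed."""
from itertools import product

# Constructed offers: component -> list of (provider, monthly price, availability, latency ms).
OFFERS = {
    "compute": [("provA", 120.0, 0.9995, 20), ("provB", 90.0, 0.999, 35), ("provC", 70.0, 0.995, 25)],
    "storage": [("provA", 40.0, 0.9999, 10), ("provB", 45.0, 0.999, 30)],
    "database": [("provB", 80.0, 0.9995, 15), ("provC", 60.0, 0.999, 60)],
}


def combined_availability(combo: tuple) -> float:
    """Availability of a system in which every chosen component must be up."""
    availability = 1.0
    for _provider, _price, avail, _latency in combo:
        availability *= avail
    return availability


def choose(offers: dict, min_availability: float, max_latency_ms: int):
    """Return (total price, {component: provider}) for the cheapest combination
    meeting both constraints, or None when no combination qualifies."""
    components = list(offers)
    best = None
    for combo in product(*(offers[c] for c in components)):
        # QoS bound applies to every component individually.
        if any(latency > max_latency_ms for _, _, _, latency in combo):
            continue
        # SLA bound applies to the composed system.
        if combined_availability(combo) < min_availability:
            continue
        price = sum(p for _, p, _, _ in combo)
        if best is None or price < best[0]:
            best = (price, dict(zip(components, (prov for prov, _, _, _ in combo))))
    return best


def migration_plan(current: dict, chosen: dict) -> dict:
    """Components whose provider changes, as {component: (from, to)}."""
    return {c: (current[c], chosen[c]) for c in chosen if current.get(c) != chosen[c]}


if __name__ == "__main__":
    current = {"compute": "provA", "storage": "provA", "database": "provB"}
    for sla in (0.997, 0.99, 0.9999):
        result = choose(OFFERS, sla, 40)
        print(f"SLA {sla}: {result}")
        if result:
            print("  moves:", migration_plan(current, result[1]))
```

Relaxing the availability SLA from 0.997 to 0.99 lets the cheapest compute offer back into the feasible set and lowers the total, which is exactly the pricing-versus-SLA trade the text wants the broker to make on the consumer's behalf; an SLA no combination can meet returns None rather than a silently degraded placement.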
email: johnhf23@googlemail.com