

The introduction of cloud computing has transformed the way companies manage data, implement applications and improve their IT infrastructure. The reference model of cloud computing acts as a design template for the effective structuring of cloud environments. Whether you’re a business looking to scale operations or an IT expert managing cloud-based solutions, understanding this model is needed.
In some cloud reference models, cloud computing activities are structured into logical layers and cross-layer functions to provide a clear separation of responsibilities and improve system design. To address the complexity of modern cloud environments, the cloud reference model (CRM) categorizes the ecosystem into service models like IaaS, PaaS, and SaaS, along with a cloud management layer. This structured approach provides organizations with scalability, flexibility, reliability and improved governance over their cloud applications.
In this guide, we’ll explore the cloud computing reference model, its service models, the major actors of the cloud computing reference model, and the types of cloud computing deployment models. By the end of this blog, you’ll have a clear understanding of how the model enhances cloud performance, security, and alignment with business needs.
To define and standardise the functions of a cloud computing environment, the cloud computing reference model is an abstract model that separates the environment into abstraction layers and cross-layer functions.
Each of these layers describes various components that may be present in a cloud computing environment, including computing systems, networking, storage equipment, security measures, virtualization software, and management software.
In some reference models, cloud computing operations are divided into five logical layers and three cross-layer functions. The five layers (the physical layer, virtual layer, control layer, service orchestration layer, and service layer) are commonly used in certain cloud computing reference models to describe the cloud environment's structure.
Cloud computing refers to delivering computing services like data storage, applications, and processing power over the internet, instead of relying on your computer’s hard drive or a local server. Cloud computing is the on-demand delivery of IT services over the internet with pay-as-you-go pricing.
This technology enables users to access resources as a service over the internet. The stored data may include documents, files, photos, application data, databases, or any other type of digital content. Cloud computing models offer customers greater flexibility and scalability compared to on-premises infrastructure.
Organisations of every type, size, and industry are utilising the cloud for a wide range of use cases, including data backup, disaster recovery, email, virtual desktops, software development and testing, big data analytics, and customer-facing web applications.
A key part of the cloud computing reference model is its division into three primary service models. IaaS (Infrastructure as a Service), PaaS (Platform as a Service) and SaaS (Software as a Service) are three primary cloud delivery models that have been widely accepted and institutionalised.
Cloud service providers deliver these service models to customers, allowing them to access computing resources, platforms, or applications as needed. Cloud users can select from a variety of capabilities offered by the three types of delivery models, but the degree of administrative control varies.
The service models can be visualised as a stack, where higher-level services depend on the underlying layers. For example, SaaS offerings are often built on top of PaaS and IaaS, relying on the infrastructure and platforms those lower layers provide. The cloud computing reference model aligns with three primary service models:
Software as a service is a way of using software in which the applications are hosted by a cloud service provider. A company hosts the software; you can use it just by logging in through a web browser. SaaS is also known as on-demand software.
In SaaS, updates, maintenance, and storage are managed by the service provider. Examples of SaaS include Google Workspace, Dropbox, Salesforce, and more. Here are some key features of using SaaS.
Features of SaaS
Platform as a service (PaaS) is a cloud computing model where a third-party provider offers the software and hardware tools required to develop, test, and run applications. The users can build and host the applications in the cloud environment without necessarily worrying about managing servers or infrastructure.
Developers can construct and deploy apps on a platform without necessarily needing to know how many processors or how much memory their applications would use. Examples of PaaS include Google App Engine, AWS Elastic Beanstalk, Windows Azure App Service, OpenShift and Heroku.
Features of PaaS
Infrastructure as a service is a type of cloud computing that gives people access to IT tools like virtual computers, storage, and networks through the internet. Users are not required to buy or manage physical hardware; users only have to pay for what they use.
IaaS offers computing hardware as a service, including virtual servers, networking technology, and storage, all hosted within the provider's data centers. Examples of IaaS include Amazon EC2 and Microsoft Azure virtual machines.
Features of IaaS
There are various types of cloud computing deployment models used based on the various requirements of the consumers. Cloud computing deployment models define how cloud resources are made available to users.
The four main deployment models are public cloud, private cloud, hybrid cloud, and community cloud. Cloud computing operates under various deployment models, each suited for different business needs. Selecting the right deployment model depends on security, scalability, and operational requirements.
A cloud deployment model fundamentally determines where the infrastructure for your deployment exists and who owns and controls that infrastructure.
It also determines the cloud's nature and purpose. Understanding the various deployment methods is the first step for any company looking to use cloud services.
Knowing this makes it easier to decide which direction the business should take. Each model will outline its advantages and disadvantages in terms of cost, management, flexibility, security, and governance.
Cloud deployment models are divided into five main types
Let’s take a look at each model in more detail.
The public cloud model makes it possible for any user to access systems and services. The service provider owns the hardware and supporting networking infrastructure, which are under its full control. The service provider is responsible for physical security, maintenance, and management of the data centers where the infrastructure resides.
Although public cloud environments are shared among multiple users, providers implement strict security controls to ensure data isolation and protection. The cloud service provider will share infrastructure between various customers while keeping data separate and isolated, offering many layers of security controls where this is a concern. It is a type of cloud hosting where users can easily access systems and services.
This form of cloud computing is the best example of cloud hosting, in which service providers supply services to a variety of customers, meaning anyone can use these services. Data storage, data backup and retrieval services are typically provided on a pay-as-you-go or subscription basis, with some providers offering limited free tiers. Commonly used public clouds include Microsoft Azure, Amazon AWS, Google Cloud, Oracle Cloud, and many more.
The private cloud deployment model differs from the public cloud by providing a dedicated environment exclusively for a single organization, offering greater control and privacy and eliminating the need to share hardware with other users.
A private cloud can be fully owned and managed by a single organization or managed by a trusted third party, depending on the deployment model. The key difference between private and public cloud lies in ownership, control and resource sharing. In private cloud, the infrastructure is dedicated to a single organization.
The cloud platform operates within a secure, cloud-based environment that is protected by reliable firewalls and monitored by the organization’s IT department. With the private cloud, control over cloud resources can be more flexible. A large investment may also be required to purchase the required hardware. Having complete control of the hardware can result in enhanced performance.
The hybrid cloud model combines both public and private cloud deployment models, providing a single cloud infrastructure that is aimed at increasing flexibility and deployment options for the business.
With this hybrid model, you may host the app in a safe environment while taking advantage of the public cloud's cost savings. The advantages of both public and private clouds can be realized. When properly architected, applications can be moved between public and private cloud environments, enhancing flexibility and fault tolerance.
For instance, applications that require strict governance and data security may be hosted in the business's private cloud, while those that do not have these concerns and need on-demand scaling could be hosted in the public cloud.
As the name implies, with multi-cloud, we’re talking about using multiple cloud providers at the same time. It is comparable to the hybrid cloud deployment strategy, which mixes resources from both public and private clouds. Rather than focusing on integrating private and public clouds like hybrid cloud does, multi-cloud refers to the use of multiple cloud providers, which often, but not exclusively, involves multiple public clouds.
While multi-cloud strategies often involve multiple public clouds, they can also include private clouds, though the emphasis is on leveraging various providers rather than integrating environments as in hybrid cloud. It is rather unusual for two separate clouds to have an incident at the same time.
Consequently, the high availability of your services is increased even further by multi-cloud deployment. Some services may be preferred on a certain cloud over another, based on the business. For example, GKE (Google Kubernetes Engine) hosted on Google Cloud may be preferable to the equivalent offerings from other providers, like AKS (Azure Kubernetes Service) or Amazon EKS (Elastic Kubernetes Service).
The community cloud model allows systems and services to be accessible by a group of organizations. This model is shared among many companies within the same domain, like banking, government, educational institutions, etc.
In other words, multiple organizations form a group that utilizes shared infrastructure and services, which may introduce concerns regarding privacy, security, and performance.
The infrastructure of the community could be shared between the organizations that have shared concerns or tasks. It is managed by third parties or by the combination of one or more organizations in the community.
Examples of Cloud computing reference model apart from NIST
An actor is an entity (either an individual or an organization) that participates in cloud computing processes and contributes to service delivery or management. There are five major actors in the NIST cloud computing reference architecture. They are the cloud consumer, cloud provider, cloud carrier, cloud auditor, and cloud broker.
A person or organization that maintains a business relationship with and uses services from cloud providers is known as a cloud consumer. The cloud consumer is a stakeholder for the cloud computing service.
A cloud consumer browses the service catalog from a cloud provider, requests the appropriate service, sets up service contracts with the cloud provider, and then uses the service. The cloud consumer may be charged for the provisioned service and must organize payments accordingly.
SLAs are necessary for cloud consumers to outline the technical performance criteria that a cloud provider must meet. SLAs may include provisions related to service quality, security measures, and remedies for instances of inadequate performance.
There are various categories of cloud-based services mentioned below.
A cloud provider is an organization that offers cloud services to consumers, typically responsible for managing the infrastructure and software required to deliver those services. A cloud provider is responsible for acquiring and managing the necessary computing infrastructure, operating the cloud software that delivers these services, and ensuring network access for cloud consumers.
For SaaS, the cloud provider deploys, configures, maintains, and updates the operation of the software application on a cloud infrastructure so that the services are provisioned at the expected service level to cloud consumers. While the SaaS provider takes on most responsibilities for managing and controlling both applications and infrastructure, cloud consumers have limited administrative control over the applications.
For PaaS, the cloud provider manages the computing infrastructure for the platform and runs the cloud software that provides the components of the platform, like the runtime software execution stack, databases, and other middleware components. For IaaS, the cloud provider obtains the physical computing resources that support the service, which include servers, networks, storage, and hosting infrastructure.
A cloud carrier acts as a middleman that provides connectivity and transport of cloud services between cloud consumers and cloud providers. Cloud carriers provide the network connectivity that enables consumers to access cloud services through various access devices like computers, mobile phones and tablets.
For instance, cloud consumers can access cloud services using end-user devices like computers, laptops, mobile phones, and other internet-connected devices.
In certain cases, a cloud provider may establish SLAs with a cloud carrier to ensure that the connectivity provided aligns with the service levels promised to cloud consumers. These agreements may include provisions for dedicated and secure connections between cloud consumers and cloud providers.
A cloud auditor is someone who can carry out an independent review of cloud service controls, aiming to provide an opinion on them. Services offered by a cloud provider can be assessed by a cloud auditor regarding security controls, privacy impact, performance, and more.
Auditing is especially important for federal agencies, as “agencies should include a contractual clause enabling third parties to access security controls of cloud providers,” according to Vivek Kundra's Federal Cloud Computing Strategy.
For security auditing, an auditor can evaluate the security controls within the information system to assess the extent to which they are implemented correctly, functioning as intended, and achieving the desired result in relation to the system’s security requirements. The primary types of audits conducted by a cloud auditor include the following.
A cloud broker is an entity that manages the use, performance and delivery of cloud services and negotiates relationships between cloud providers and cloud consumers.
As cloud computing develops, the incorporation of cloud services can become overly complicated for users to handle. Instead of reaching out directly to a cloud provider, a cloud consumer can request cloud services through a cloud broker.
A cloud broker can provide services in three categories
A cloud broker enhances a particular service by improving some specific capability and providing value-added services to cloud consumers. Improvement can include managing access to cloud services, identity management, performance reporting, enhanced security, and more.
A cloud broker combines and integrates various services into one or more new services. The cloud broker provides data integration and ensures the secure data movement between the cloud consumer and multiple cloud providers.
Service arbitrage allows a broker to select services from various providers. Service arbitrage resembles service aggregation, but the specific services being aggregated are not predetermined, allowing flexibility and choice.
1. A cloud consumer may request service from a cloud broker instead of contacting a cloud provider directly. The cloud broker may create a new service by combining multiple services or by enhancing an existing service. In this case, the actual cloud providers are invisible to the cloud consumer, and the cloud broker interacts directly with the cloud consumer.
2. Cloud carriers provide the connectivity and transport of cloud services from cloud providers to cloud consumers. In some cases, a cloud provider may establish two distinct service level agreements (SLAs), one with a cloud carrier to ensure reliable connectivity, and one with a cloud consumer for service delivery.
The provider may specify requirements regarding capability, flexibility and functionality in the agreement with the cloud carrier to ensure it can meet its service commitments to the cloud consumer.
3. For a cloud service, a cloud auditor conducts independent assessments of the operation and security of the cloud service implementation. The audit may involve interactions with both the cloud consumer and cloud provider.
The cloud security reference model does not favor any specific cloud deployment model, and its methodology can be readily applied to data from private, community, or hybrid cloud environments. It consists of a formal model, a set of security components, and a methodology for implementing a cloud-adapted risk management framework.
For illustrative purposes, this document uses the public cloud deployment model to demonstrate the methodology as it provides the most comprehensive examples of security component considerations defined in the National Cloud Computing Security Reference Architecture (NCC-SRA). The security components are examined within each instance of the cloud ecosystem to determine the extent to which each cloud actor contributes to the implementation of those components.
This document’s main goal is to explain the process of describing, identifying, classifying, analyzing, and choosing cloud-based services for cloud consumers who are trying to figure out which cloud service offering best addresses their cloud computing needs and supports their business.
There are four primary types of cloud computing: public cloud, private cloud, hybrid cloud, and community cloud. The three most common cloud deployment models are public, private and hybrid cloud. A fourth model, the community cloud, is also recognized in some frameworks like NIST.
The three most common cloud computing service models are IaaS (infrastructure as a service), PaaS (platform as a service), and SaaS (software as a service).
The NIST cloud computing reference architecture defines the roles, components, and relationships within a cloud environment, focusing on “what” cloud services provide, rather than “how” they are implemented. The reference architecture is intended to facilitate the understanding of the operational intricacies of cloud computing.
The five best characteristics of cloud computing, according to the National Institute of Standards and Technology, are on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service.
Google Slides is an example of SaaS (software as a service). SaaS applications are fully functional software applications delivered over the internet, and Google Slides, as part of the Google Workspace suite, fits this description.
The full form of SaaS is software as a service. It’s a cloud-based software delivery model where applications are hosted and managed by the vendor, and the users access them over the internet.