Chapter 2

FUNDAMENTAL CONCEPTS AND

MODELS
Outlines
2.1 Roles and Boundaries
2.2 Cloud Characteristics
2.3 Cloud Delivery Models
2.4 Cloud Deployment Models
2.1 Roles and Boundaries

 Organizations and humans can assume different types of predefined roles

depending on how they relate to and/or interact with a cloud and its hosted IT
resources.
 Each of the upcoming roles participates in and carries out responsibilities in
relation to cloud-based activity.
 Cloud Provider
 The organization that provides cloud-based IT resources is the cloud provider.
When assuming the role of cloud provider, an organization is responsible for
making cloud services available to cloud consumers, as per agreed upon SLA
guarantees.
 The cloud provider is further tasked with any required management and
administrative duties to ensure the on-going operation of the overall cloud
infrastructure.
 Cloud providers normally own the IT resources that are made available for
2.1 Roles and Boundaries …

 Cloud Consumer
 A cloud consumer is an organization (or a human) that has a formal contract
or arrangement with a cloud provider to use IT resources made available by
the cloud provider. Specifically, the cloud consumer uses a cloud service
consumer to access a cloud service (Figure 2.1).
 2.1 Roles and Boundaries …

 Cloud Broker
 A third-party organization that assumes the responsibility of negotiating, managing and
operating cloud services on behalf of a cloud consumer is assuming the role of cloud
broker.
 Cloud brokers can provide mediation services between cloud consumers and cloud
providers, including intermediation, aggregation, arbitrage, and others. A cloud broker
commonly provides these services for multiple cloud consumers facing multiple cloud
providers alternatively or simultaneously, acting as an integrator of cloud services and an
aggregator of cloud consumers, as shown in Figure 2.2.
 2.1 Roles and Boundaries …

 Cloud Service Owner

 The person or organization that legally owns a cloud service is called a cloud service
owner. The cloud service owner can be the cloud consumer, or the cloud provider that
owns the cloud within which the cloud service resides. For example, either the cloud
consumer of Cloud X or the cloud provider of Cloud X could own Cloud Service A
(Figures 4.3 and 4.4).
2.1 Roles and Boundaries …

 Cloud Resource Administrator

 A cloud resource administrator is the person or organization responsible for
administering a cloud-based IT resource (including cloud services). The cloud resource
administrator can be (or belong to) the cloud consumer or cloud provider of the cloud
within which the cloud service resides.
 Alternatively, it can be (or belong to) a third-party organization contracted to
administer the cloud-based IT resource. For example, a cloud service owner can
contract a cloud resource administrator to administer a cloud service (Figures 2.5 and
2.6).
 2.1 Roles and Boundaries …

 The reason a cloud resource administrator is not referred to as a “cloud service

administrator” is because this role may be responsible for administering cloud-based IT
resources that don’t exist as cloud services.
 For example, if the cloud resource administrator belongs to (or is contracted by) the cloud
provider, IT resources not made remotely accessible may be administered by this role
(and these types of IT resources are not classified as cloud services).
 Additional Roles
 Cloud Auditor – A third-party (often accredited) that conducts independent
assessments of cloud environments assumes the role of the cloud auditor. The typical
responsibilities associated with this role include the evaluation of security controls,
privacy impacts, and performance. The main purpose of the cloud auditor role is to
provide an unbiased assessment (and possible endorsement) of a cloud environment
to help strengthen the trust relationship between cloud consumers and cloud
providers.
 • Cloud Carrier – The party responsible for providing the wire-level connectivity
between cloud consumers and cloud providers assumes the role of the cloud carrier.
 2.1 Roles and Boundaries …

 Organizational Boundary
 An organizational boundary represents the physical perimeter that surrounds a set of
IT resources that are owned and governed by an organization.

Trust Boundary
 When an organization assumes the role of cloud consumer to access cloud-based IT
resources, it needs to extend its trust beyond the physical boundary of the
organization to include parts of the cloud environment.
 A trust boundary is a logical perimeter that typically spans beyond physical
boundaries to represent the extent to which IT resources are trusted. When analyzing
cloud environments, the trust boundary is most frequently associated with the trust
issued by the organization acting as the cloud consumer.
 2.2 Cloud Characteristics

 The following characteristics are common to the majority of cloud environments:

 On-demand usage
 Ubiquitous access
 Multitenancy (and resource pooling)
 Elasticity
 Measured usage
 Resiliency
 Cloud providers and cloud consumers can assess these characteristics individually and
collectively to measure the value offering of a given cloud platform.
 On-Demand Usage
 A cloud consumer can unilaterally access cloud-based IT resources giving the cloud
consumer the freedom to self-provision these IT resources.
 2.2 Cloud Characteristics …

 Ubiquitous Access
 Ubiquitous access represents the ability for a cloud service to be widely accessible.
Establishing ubiquitous access for a cloud service can require support for a range of
devices, transport protocols, interfaces, and security technologies.
 Multitenancy
 The characteristic of a software program that enables an instance of the program to
serve different consumers (tenants) whereby each is isolated from the other, is referred
to as multitenancy.
 Resource pooling allows cloud providers to pool large-scale IT resources to serve multiple
cloud consumers.
 Elasticity
 Elasticity is the automated ability of a cloud to transparently scale IT resources, as
required in response to runtime conditions or as pre-determined by the cloud consumer
or cloud provider.
 2.1 Roles and Boundaries …

 Measured Usage
 The measured usage characteristic represents the ability of a cloud platform to keep
track of the usage of its IT resources, primarily by cloud consumers.
 Resiliency
 Resilient computing is a form of failover that distributes redundant implementations of IT
resources across physical locations. IT resources can be pre-configured so that if one
becomes deficient, processing is automatically handed over to another redundant
implementation.
 Within cloud computing, the characteristic of resiliency can refer to redundant IT
resources within the same cloud (but in different physical locations) or across multiple
clouds.
 2.3 Cloud Delivery Models

 A cloud delivery model represents a specific, pre-packaged combination of IT resources offered

by a cloud provider. Three common cloud delivery models have become widely established
and formalized:
 Infrastructure-as-a-Service (IaaS)
 Platform-as-a-Service (PaaS)
 Software-as-a-Service (SaaS)
 cloud delivery model can be referred to as a cloud service delivery model because each model
is classified as a different type of cloud service offering.
 Infrastructure-as-a-Service (IaaS)
 The IaaS delivery model represents a self-contained IT environment comprised of
infrastructure-centric IT resources that can be accessed and managed via cloud service-based
interfaces and tools. This environment can include hardware, network, connectivity, operating
systems, and other “raw” IT resources.
 The general purpose of an IaaS environment is to provide cloud consumers with a high level of
control and responsibility over its configuration and utilization. The IT resources provided by
IaaS are generally not pre-configured, placing the administrative responsibility directly upon
 2.3 Cloud Delivery Models …

 Platform-as-a-Service (PaaS)
 The PaaS delivery model represents a pre-defined “ready-touse” environment typically
comprised of already deployed and configured IT resources. Specifically, PaaS relies on
(and is primarily defined by) the usage of a ready-made environment that establishes a
set of pre-packaged products and tools used to support the entire delivery lifecycle of
custom applications.
 Software-as-a-Service (SaaS)
 A software program positioned as a shared cloud service and made available as a
“product” or generic utility represents the typical profile of a SaaS offering. The SaaS
delivery model is typically used to make a reusable cloud service widely available (often
commercially) to a range of cloud consumers.
 2.3 Cloud Delivery Models …

 Cloud Delivery Sub Models

 Many specialized variations of the cloud delivery models exist, each comprised of a
distinct combination of IT resources. These cloud delivery sub models are also typically
named using the “asa- Service” convention and each can be mapped to one of the three
basic cloud delivery models.
 Database-as-a-Service sub model belongs to the PaaS model, since a database system is
commonly a component of the ready-made environment that is part of a PaaS platform.
 Security-as-a-Service is a sub model of SaaS and is used to provide access to features
that can be used to secure cloud consumer IT assets.
 Storage-as-a-Service sub model of IaaS that a cloud provider can use to delivers cloud
storage-related services to cloud consumers.
 2.34 Cloud Deployment Models

 A cloud deployment model represents a specific type of cloud environment, primarily

distinguished by ownership, size, and access.
 There are four common cloud deployment models:
 Private cloud
 Public cloud
 Multi-cloud

 Hybrid cloud
 Private Clouds
 A private cloud is owned by a single organization. Private clouds enable an
organization to use cloud computing technology as a means of centralizing
access to IT resources by different parts, locations, or departments of the
organization.
 2.34 Cloud Deployment Models …

 Public Clouds
 A public cloud is a publicly accessible cloud environment owned by a third-party cloud
provider. The IT resources on public clouds are usually provisioned via the previously described
cloud delivery models and are generally offered to cloud consumers at a cost or are
commercialized via other avenues (such as advertisement).
 The cloud provider is responsible for the creation and on-going maintenance of the public
cloud and its IT resources.
 Multi-Clouds
 With a multi-cloud deployment model, a cloud consumer organization can use cloud services
and IT resources from different public clouds provided by multiple cloud providers.
 This deployment model can be used to improve redundancy and system backups, to improve
mobility by reducing vendor lock-in, or to leverage best-of-breed cloud services from different
cloud vendors.
 Hybrid Clouds
 A hybrid cloud is a cloud environment comprised of two or more different cloud deployment
END