The on-demand availability of computer system resources, particularly data storage and processing power, without the user’s direct involvement is known as cloud computing. Large clouds frequently distribute their services among several sites, each of which is a data center. Cloud computing depends on sharing resources to achieve coherence. It often uses a "pay-as-you-go" approach, which can assist in reducing capital expenses but may also result in unforeseen running expenses for users. The hardware and software elements necessary for a cloud computing model's correct execution are included in the cloud infrastructure.
With the increased demand for cloud computing across the world, the definitions, structures, and uses of cloud computing have multiplied. As a result, there are different perspectives on using these services, and the services themselves may differ from client to client or from location to location. This is where the cloud computing reference model comes in. The cloud reference model is an abstract model used to standardize the functions and parameters of cloud computing so that cloud services and vendors across the world that use different technologies can communicate with each other.
What is Cloud Computing Reference Model?
The cloud computing reference model is an abstract model that divides a cloud computing environment into abstraction layers and cross-layer functions to characterize and standardize its functions. This reference model divides cloud computing activities and functions into three cross-layer functions and five logical layers.
Each of these layers describes different things that might be present in a cloud computing environment, such as computing systems, networking, storage equipment, virtualization software, security measures, control and management software, and so forth. It also explains the connections between these entities. The five layers are the physical layer, virtual layer, control layer, service orchestration layer, and service layer.
The Cloud Computing reference model is divided into 3 major service models:
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
The below diagram explains the cloud computing reference model:
Cloud Computing Reference Model Overview
IaaS, PaaS, and SaaS are the three most prevalent cloud delivery models, and together, they have been widely adopted and formalized. A cloud delivery service model is a specific, preconfigured combination of IT resources made available by a cloud service provider. However, the functionality and degree of administrative control each of these three delivery types offers cloud users varies.
These abstraction layers can also be considered a tiered architecture, where services from one layer can be combined with services from another; for example, SaaS can supply infrastructure to create services from a higher layer. Let us have a look at the layers of the cloud computing reference model.
1. SaaS
Software as a Service (SaaS) is a form of application delivery that relieves users of the burden of software maintenance while making development and testing easier for service providers.
The top layer of the cloud delivery model is where applications are located. End customers get access to the services this tier offers via web portals. Because online software services provide the same functionality as locally installed computer programs, consumers (users) are rapidly switching away from the latter. Today, ILMS and other application software can be accessed via the web as a service.
In terms of data access, collaboration, editing, storage, and document sharing, SaaS is unquestionably a crucial service. Email service in a web browser is the most well-known and widely used example of SaaS, but SaaS applications are becoming more cooperative and advanced.
Features of SaaS are as follows:
- The cloud consumer has full control over all the cloud services.
- The provider has full control over software applications-based services.
- The cloud provider has partial control over the implementation of cloud services.
- The consumer has limited control over the implementation of these cloud services.
2. PaaS
Platform as a Service (PaaS) is a strategy that offers a high level of abstraction to make a cloud readily programmable, in addition to infrastructure-oriented clouds that offer basic compute and storage capabilities. Developers can construct and deploy apps on a cloud platform without necessarily needing to know how many processors or how much memory their applications would use. Google App Engine, for instance, is a PaaS offering that provides a scalable environment for creating and hosting web applications.
Features of the PaaS layer are as follows:
- The cloud provider has entire rights or control over the provision of cloud services to consumers.
- The cloud consumer has selective control based on the resources they need or have opted for on the application server, database, or middleware.
- Consumers get environments in which they can develop their applications or databases. These environments are usually very visual and very easy to use.
- Provides options for scalability and security of the user’s resources.
- Services to create workflows and websites.
- Services to connect users’ cloud platforms to other external platforms.
3. IaaS
Infrastructure as a Service (IaaS) offers storage and computer resources that developers and IT organizations use to deliver custom/business solutions. IaaS delivers computer hardware (servers, networking technology, storage, and data center space) as a service. It may also include the delivery of OS and virtualization technology to manage the resources. Here, the more important point is that IaaS customers rent computing resources instead of buying and installing them in their data centers. The service is typically paid for on a usage basis. The service may include dynamic scaling so that if the customers need more resources than expected, they can get them immediately.
The control of the IaaS layer is as follows:
- The consumer has full/partial control over the infrastructure of the cloud, servers, and databases.
- The consumer has control over the implementation and maintenance of virtual machines.
- The consumer has a choice of virtual machines that come with pre-installed operating systems.
- The cloud provider has full control over the data centers and the other hardware involved in them.
- It has the ability to scale resources based on user usage.
- It can also copy data worldwide so that data can be accessed from anywhere in the world as soon as possible.
Types of Cloud Computing Reference Model
There are various types of cloud computing reference models, used based on the different requirements of consumers. The most important type of cloud computing reference model is the cloud reference model in cloud computing. The National Institute of Standards and Technology (NIST) is an agency designated by the US government (USG) for the adoption and development of cloud computing standards.
The principles of NIST Cloud computing reference architecture are:
- Create a vendor-neutral architecture that adheres to the NIST standard.
- Create a solution that does not inhibit innovation by establishing a required technological solution.
- The NIST Cloud computing reference architecture provides characteristics like elasticity, self-service, and resource collaboration.
The service models involved in this architecture are:
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
NIST Cloud computing also has 4 deployment models, which are as follows:
1. Public
This is the model where cloud infrastructure and resources are given to the public via a public network. These models are generally owned by companies that sell cloud services.
2. Private
This is the model where cloud infrastructure and resources are only accessible by the cloud consumer. These models are generally owned by cloud consumers themselves or a third party.
3. Community
This is the model where a group of cloud consumers share their cloud infrastructure and resources because they have the same goals and policies to achieve. These models are owned by organizations or third parties.
4. Hybrid
This model consists of a mixture of different deployment models like public, private, or community. This helps in the exchange of data or applications between various models.
Examples of Cloud Computing Reference Model Apart From NIST
- IBM Architecture
- Oracle Architecture
- HP Architecture
- Cisco Reference Architecture
CSA Cloud Reference Model
The CSA Cloud Reference Model provides a standardized framework for cloud security, addressing critical components to ensure strong protection in cloud environments.
The model includes guidelines for secure design and deployment across infrastructure, platform, and application layers, forming the Cloud Architectural Framework. Governance, Risk, and Compliance (GRC) policies and controls help manage cloud security risks and ensure regulatory compliance. Cloud Security Controls cover data protection, identity management, and incident response, while Data Security and Privacy techniques like encryption and data masking safeguard sensitive information. Application Security involves secure coding practices and vulnerability assessments to protect cloud-based applications. Operational Security includes monitoring, incident management, and disaster recovery planning, ensuring continuous protection and quick recovery from incidents.
The OCCI Cloud Reference Model
The OCCI Cloud Reference Model provides a framework for managing cloud services, ensuring interoperability and standardization across diverse environments. Key components include a standardized Cloud Service Interface for provisioning, monitoring, and managing cloud services, and Resource Management for efficient allocation, monitoring, and utilization of cloud resources like compute, storage, and network. Service Management focuses on the lifecycle management of cloud services, ensuring consistency and efficiency. The model also includes guidelines for Security and Compliance, promoting robust security measures and regulatory adherence.
Major Actors of Cloud Computing Reference Model
There are five major actors in NIST cloud computing reference architecture. They are:
- Cloud Consumer
- Cloud Provider
- Cloud Carrier
- Cloud Auditor
- Cloud Broker
The image below will explain the cloud computing reference model in a neat diagram.
Each actor is an entity that participates in the process and/or completes duties in cloud computing. This entity could be a person or an organization.
1. Cloud Consumer
The end user that the cloud computing service is designed to support is the cloud consumer. An individual or corporation with a working relationship with a cloud provider and utilizing its services is referred to as a cloud consumer. A cloud customer peruses a cloud provider's service catalog, makes the proper service request, enters into a service agreement with the cloud provider, and then utilizes the service. The cloud customer may be charged for the service provided, in which case payment arrangements must be made. They need to have a cloud Service Level Agreement (SLA).
2. Cloud Provider
Any individual, group, or other entity in charge of making a service accessible to cloud users is a cloud provider. A cloud provider creates the requested software, platforms, and infrastructure services, manages the technical infrastructure needed to supply the services, provisions the services at agreed-upon service levels, and safeguards the services' security and privacy.
Through service interfaces and virtual network interfaces that aid in resource abstraction, the cloud provider implements the cloud software to make computing resources accessible to cloud consumers who use the infrastructure as a service.
3. Cloud Carrier
A cloud carrier serves as an intermediary between cloud providers and customers, facilitating connectivity and transport of cloud services. Customers can access the cloud through the network, telecommunication, and other access equipment provided by cloud carriers. Customers of cloud services, for instance, can get them through network access devices, including laptops, mobile phones, PCs, and mobile Internet devices (MIDs), among others. Network and telecommunication carriers typically handle the distribution of cloud services, while a transport agent is a company that arranges for the physical delivery of storage devices like high-capacity hard drives.
Remember that a cloud provider will establish service level agreements (SLAs) with a cloud carrier to provide services at a level consistent with the SLAs offered to cloud consumers. The cloud provider may also demand that the cloud carrier provide dedicated and encrypted connections between cloud consumers and cloud providers.
4. Cloud Auditor
An unbiased evaluation of cloud services, information system operations, performance, and the security of a cloud computing implementation can be done by a cloud auditor. A cloud auditor can assess a cloud provider's services in terms of performance, service level agreement compliance, privacy implications, and security controls.
The management, operational, and technical precautions or countermeasures used inside an organizational information system to ensure the privacy, availability, and integrity of the system and its data are known as security controls.
To do a security audit, a cloud auditor can evaluate the information system's security controls to see how well they are being implemented, functioning as intended, and achieving the required results in relation to the system's security needs. Verifying compliance with law and security policy should be part of the security audit.
5. Cloud Broker
A cloud broker is an organization that controls how cloud services are used, performed, and delivered, and negotiates contracts between cloud providers and cloud users. As cloud computing develops, the integration of cloud services could become too difficult for cloud consumers to handle. In certain circumstances, a cloud consumer may request cloud services through a cloud broker instead of contacting a cloud provider directly. Cloud brokers offer a single point of access for controlling numerous cloud services. What separates a cloud broker from a cloud service provider is the capacity to offer a single consistent interface to numerous different providers, whether the interface is for commercial or technical objectives. Cloud brokers provide services in three categories:
- Intermediation: By enhancing a certain feature and offering cloud consumers value-added services, a cloud broker improves a given service. The enhancement may take the shape of identity management, performance reporting, improved security, etc.
- Aggregation: Several services are combined and integrated into one or more new services by a cloud broker. The broker provides data and service integration and guarantees secure data transfer between the cloud consumer and the various cloud providers.
- Arbitrage: Service arbitrage is like service aggregation, except that the services being integrated or aggregated are not fixed. Service arbitrage refers to the freedom a broker has to select services from various service providers.
Interactions Between Actors in Cloud Computing in Cloud Security Reference Model
1. Instead of contacting a cloud provider directly, a cloud consumer may request service through a cloud broker. The cloud broker may combine several services to form a new service or may improve an existing one. In this illustration, the cloud consumer interacts directly with the cloud broker and is unaware of the actual cloud providers.
2. An unbiased evaluation of the functionality and security of a cloud service's implementation is done by a cloud auditor. Interactions with the cloud consumer and cloud provider may be necessary for the audit.
3. The connectivity and delivery of cloud services from cloud providers to cloud consumers are handled by cloud carriers. Figure 4 shows how a cloud provider arranges and participates in two distinct service level agreements (SLAs), one with a cloud carrier (for example, SLA2) and one with a cloud consumer (e.g., SLA1).
To ensure that the cloud services are used at a consistent level in accordance with the contractual responsibilities with the cloud consumers, a cloud provider negotiates service level agreements (SLAs) with a cloud carrier and may ask for dedicated and encrypted connections. In this situation, the provider may express its functionality, capability, and flexibility needs in SLA2 to meet SLA1's basic requirements.
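The flow-down from SLA1 to SLA2 described above can be checked mechanically. The following Python sketch is an added example, not part of the original article or of any NIST document: it derives the minimum terms a carrier agreement (SLA2) must meet so the provider can honor a consumer agreement (SLA1), then lists the gaps in a candidate carrier offer. The field names, the sample figures, and the assumption that provider and carrier fail independently in series are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ConsumerSLA:            # SLA1: cloud provider -> cloud consumer
    availability: float       # end-to-end fraction, e.g. 0.999
    max_latency_ms: float
    encrypted: bool           # encrypted connection promised to consumer
    dedicated: bool           # dedicated connection promised to consumer

@dataclass(frozen=True)
class ProviderCapability:     # what the provider's own platform delivers
    availability: float
    processing_latency_ms: float

@dataclass(frozen=True)
class CarrierSLA:             # SLA2: cloud carrier -> cloud provider
    availability: float
    latency_ms: float
    encrypted: bool
    dedicated: bool

def required_carrier_terms(sla1, provider):
    """Minimum SLA2 terms, assuming A_end = A_provider * A_carrier."""
    if provider.availability < sla1.availability:
        raise ValueError("provider platform alone cannot meet SLA1 availability")
    budget = sla1.max_latency_ms - provider.processing_latency_ms
    if budget <= 0:
        raise ValueError("no latency budget left for the carrier")
    return CarrierSLA(sla1.availability / provider.availability,
                      budget, sla1.encrypted, sla1.dedicated)

def sla2_gaps(sla1, provider, offered):
    """Return the reasons a carrier offer cannot back SLA1 (empty if none)."""
    need = required_carrier_terms(sla1, provider)
    gaps = []
    if offered.availability < need.availability:
        gaps.append(f"availability {offered.availability:.5f} "
                    f"< required {need.availability:.5f}")
    if offered.latency_ms > need.latency_ms:
        gaps.append(f"latency {offered.latency_ms} ms "
                    f"> budget {need.latency_ms} ms")
    if need.encrypted and not offered.encrypted:
        gaps.append("SLA1 promises encrypted connections; carrier offers none")
    if need.dedicated and not offered.dedicated:
        gaps.append("SLA1 promises dedicated connections; carrier offers none")
    return gaps

# Constructed sample agreements (illustrative values only).
SLA1 = ConsumerSLA(0.999, 100.0, encrypted=True, dedicated=True)
PROVIDER = ProviderCapability(0.9995, 40.0)
OFFER_OK = CarrierSLA(0.9999, 35.0, encrypted=True, dedicated=True)
OFFER_WEAK = CarrierSLA(0.999, 80.0, encrypted=False, dedicated=True)

if __name__ == "__main__":
    for name, offer in (("OFFER_OK", OFFER_OK), ("OFFER_WEAK", OFFER_WEAK)):
        print(name, sla2_gaps(SLA1, PROVIDER, offer) or "meets SLA1")
```

Note that the weak offer fails on availability even though it matches SLA1's 0.999 figure: the carrier has to exceed the end-to-end target because the provider's own platform consumes part of the availability budget.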
Security Reference Model in Cloud Computing
The formal model for the NIST Cloud Computing Security Reference Architecture is NIST SP 500-292: A connected collection of security components generated from the CSA TCI-RA, the NIST Cloud Computing Reference Architecture, and a way for utilizing the formal model and the security components to orchestrate a safe cloud ecosystem.
The Cloud Security reference model is agnostic about the cloud deployment model, and its methodology may easily be applied to data about Private, Community, or Hybrid clouds. It is a formal model, a collection of Security Components, and a methodology for applying a cloud-adapted Risk Management Framework. Since a public cloud deployment model best supports illustrative examples of all the NCC-SRA Security Components and security considerations, this document uses it to describe the methodology for illustration purposes.
The Cloud Security reference model introduces a risk-based methodology to establish each cloud actor's accountability for putting particular controls in place throughout the cloud ecosystem's life cycle. The Security Components are specifically examined for each instance of the cloud Ecosystem to determine the degree to which each cloud actor participated in the implementation of those components. This document's main goal is to demystify the process of describing, identifying, classifying, analyzing, and choosing cloud-based services for cloud consumers who are trying to figure out which cloud service offering best addresses their cloud computing needs and supports their business and mission-critical processes and services in the most secure and effective way.
Conclusion
Any cloud project needs a solid architecture to guarantee that the created cloud solution meets the requirement. Regardless of whether the solution uses a private, public, or hybrid cloud, this is crucial. Reference architectures for cloud computing have been offered by both major IT suppliers and other sorts of organizations. By employing a reference design, your cloud will have a solid "blueprint" from the beginning.
You can say using cloud computing reference architecture in cloud computing is like using the TCP/IP or OSI model in Networking. So, to briefly summarize the cloud computing reference model, it is a model which provides a blueprint or a structure for cloud computing that can be used as a standard procedure all over the world.
So, utilizing a cloud computing reference architecture will enable you to build on the experiences of others as well as design and deploy a strong cloud solution. A reference design needs to apply to all IT projects, not only cloud-related ones, and, for that matter, to non-IT projects as well.