What is cloud computing? It may seem odd for me to be asking that question today given “the cloud” has been around for years and it absolutely dominates the information technology landscape. I actually addressed this question in a blog post I wrote two years ago. At the time, many people I encountered were struggling with the term and the litany of differing and disparate ‘expert’ views didn’t help this situation. My article focused on the definition developed by Peter Mell and Tim Grance at the National Institute of Standards and Technology (NIST), “The NIST Definition of Cloud Computing”, NIST Special Publication 800-145.
In the two years since I wrote my post, cloud adoption has continued to grow and there is no end in sight. Though the potential benefits of cloud computing are off-the-chart, this incredible information technology advance poses new threats in my quest to help eliminate the “us and them” divide between IT organizations and the businesses they serve. In my last post, I talked about the onset of “Shadow IT” - IT systems and IT solutions built and used inside organizations without organizational approval. Cloud-based applications and services represent one of the primary Shadow-IT conventions. Many business units are in danger of undermining their enterprise goals by making unilateral and potentially harmful information technology decisions. This is tragic because sound cloud computing decisions could realize phenomenal potential for almost every organization. I also find it ironic because one of the themes of my latest presentation and workshop, “Ensuring Cloud Computing Success,” is how IT and the business can use cloud computing as a catalyst to act as “one.”
As I mentioned in my Shadow IT post, IT organizations can leverage business leader interest in cloud computing and their resulting willingness to make information technology decisions to foster a stronger relationship and a share in IT governance accountability. The first step in getting IT and the business to take the cloud journey together is to establish a common understanding of cloud computing. This is easier said than done as I continue encounter many folks that do not have a solid grasp on the cloud. Either they still find the concept of cloud computing to be complex, confusing, and difficult to understand, or they greatly oversimplify it. More and more people I talk to believe all software-as-a-service (SaaS) is cloud computing, when in fact SaaS has been around a lot longer than cloud computing.
Understanding cloud computing is not just a challenge for information technology novices. I recently partnered with a few IT-experts to deliver a day-long ‘cloud transformation’ preconference workshop. We developed the workshop without ever arriving to a consensus on the definition of cloud computing. We “settled” on the NIST view because when push-came-to-shove, some folks in the group didn’t think it was necessary for us all to be in lock-step on a definition. This suited our purpose and the workshop was a success, but I think the lack of a common understanding of cloud computing could hamper the ability of the business and IT to make sound shared cloud decisions.
So once again, I present the NIST definition of cloud computing. I hitched my cloud-wagon to the NIST-star because I felt NIST provided the most straightforward and simple description. I’m not alone in my advocacy of the NST definition. Many vendors, pundits and experts refer to NIST and both the International Standards Organization (ISO) and the Institute of Electrical and Electronics Engineers (IEEE) back the NIST definition. Here it is:
“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
In addition to this concise definition of Cloud Computing, I especially like how NIST describes the elements of cloud computing. You need only remember this: 5-3-4. (Yes, I know that 3-4-5 or 5-4-3 would be easier to recall, but I did not want to change the sequence established at NIST.)
Cloud Computing has 5 essential characteristics. (Note the word, essential. Peter and Tim aren’t as iron-fisted, but I insist that if any of these characteristics is missing, it isn’t Cloud Computing.)
On-demand self-service – A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.
Broad network access – Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
Resource pooling – The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
Rapid elasticity – Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
Measured Service – Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.
Cloud Computing is composed of 3 Service Models:
Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
Cloud Computing is composed of 4 Deployment Models:
Private cloud – The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
Community cloud – The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise.
Public cloud – The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
Hybrid cloud – The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
There it is – simple, straightforward, and easy to understand. This brings me to a question, “Why isn’t everyone using the NIST definition?” Frankly, I don’t know. Again, the most common misuse or misunderstanding I encounter is when people apply the cloud computing term to all instances of software-as-a-service (SaaS) and many folks are now characterizing all off-premise computing as cloud computing. If it is not in their datacenter (on-premise), then it is running in “the cloud.”
I believe a solid and mutual understanding of the cloud is essential when making collaborative cloud computing decisions but more and more I come across folks who don’t think a precise definition is that important. So I’ll close with this question:
“Should the absence of one, or even two, of the ‘essential characteristics’ of the NIST cloud computing view disqualify the use of the cloud term?”
I’d love to hear your thoughts. In the meantime, there have been a number of good posts attempting to dispel the notion that this relatively new information technology cumulus is nebulous. One of the best out there is by @PeterKretzman. The post is titled, “Cloud computing: misunderstood, but really not that complicated a concept.” It is well worth the look as you decide, “What is cloud computing?”
~ Steve ~