Cloud Computing Architecture Explained in Easy to Understand Diagrams
From the Cloud to Your Screen
Cloud computing refers to the use of computers which access Internet locations for computing power, storage and applications, with no need for the individual access points to maintain any of the infrastructure.
To have a discussion of cloud computing infrastructure and describe its architecture without confusion, it is necessary to have more precise definitions than the end user, and the cloud, via the Internet.
The National Institute of Standards and Technology has recently completed a study on cloud computing definitions and architecture, and is currently in the draft stages of a synopsis of cloud computing. The Federal Government is considering utilizing cloud computing for its costs savings and more efficient use of infrastructure.
The National Institute of Standards and Technology (NIST) gives this definition in The NIST Definition of Cloud Computing, Special Publication 800-145:
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.”
Service models are SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service). Architecture designs for cloud computing use different components, in part based on the services they are using in the cloud. Each level gives the user additional control.
NIST Cloud Computing Relationships
Using NIST definitions, the end-user is the cloud consumer; the source of the cloud is the cloud provider; the cloud broker manages service between the end-user and the cloud; the cloud carrier connects and transports cloud services of different types between the end-user and the cloud source; the cloud auditor is an independent source to assess the operations and performance of services – and especially, to review the security of the services.
Cloud computing architecture, for specific instances, is a configuration of these components and the way they are arranged, based on needs of the end-user - the cloud consumer.
People who take advantage of cloud computing can use as many or as few of the services as they want. Individuals often utilize cloud computing for backup and storage of their data, and access the cloud via their anti-virus software on a regular basis. They may also use web apps such as Google Docs or Zoho as office suites. (SaaS)
Small business may use the cloud for SaaS and more – Platform as a Service allows them to select the applications and configurations most suitable for their needs, and run them on the provided operating system from the cloud. This allows small business to offer more services to customers with less need to invest in their own infrastructure. Another well-known attribute of cloud computing is scalability. Peak usage is able to use more resources in the cloud without the need for the business to have enough infrastructure to handle estimated peak usage. NIST calls this elasticity.
Scope of Controls
The end-user uses services in the cloud from cloud providers – utilizing SaaS, PaaS or IaaS depending on their needs, The cloud providers make the services available and control more or less of what the end users access, depending on the services needed. The cloud is opaque below the level of services the end-user consumes – and they do not need to know how the services are provided to them.
Multiple cloud providers can supply a single user when needed – and the end-user neither knows, nor needs to know. All they are aware of is requesting more server time, or hosting space, and receiving it.
Because of this opacity, security is an integral component of cloud services. Security, including confidentiality, the verifiability of stored information and reliability, is essential to cloud computing. Without this, there is a disincentive to utilizing cloud computing. Individuals, businesses and governments all need to be certain that secure information put in the cloud is not going to be hacked or leaked. As well, access to the cloud needs to be reliable and continuous. When the cloud provider is unknown to the end user, they are relinquishing control over the safety of the data and applications within the cloud.
Basic cloud computing security depends on the proven and perceived trustworthiness of the provider – or increasingly, the cloud broker. The provider is almost inevitably going to have access to any information placed on their servers. Cloud auditors are necessary to provide verification and certification of security needs.
Types of Cloud Computing
There are four separate types of clouds, according to the NIST. They are:
- Public clouds – accessible by any user
- Private clouds – clouds accessible only to a single organization or company
- Community clouds, which are a subset group of users with needs and concerns in common
- Hybrid clouds, which are combinations of the previous three types.
Some users may only be interested in cloud computing if they can create a private cloud – which if shared at all, is only between locations for a company or corporation. Some groups feel the idea of cloud computing is just too insecure. In particular, financial institutions and large corporations do not want to relinquish control to the cloud, because they don’t believe there are enough safeguards to protect information.
Private clouds don’t share the elasticity and, often, there is multiple site redundancy found in the public cloud. As an adjunct to a hybrid cloud, they allow privacy and security of information, while still saving on infrastructure with the utilization of the public cloud, but information moved between the two could still be compromised.
Cloud computing is meant to provide better utilization of computing resources, scalability, disaster backups and reliability through the use of multiple sites proving services. This efficiency establishes cloud computing as a type of green computing. As the studies done by NIST indicate, the Federal Government is interested in the benefits of cloud computing. Individuals and small businesses, especially startups, find cloud computing a way to concentrate their resources on establishing the business, rather than diverting money to infrastructure.
However, there are some holdouts, and as long as the cloud provider is not the end-user, there will be security questions.
- NIST Cloud Computing Reference Architecture Special Publication 500-292 http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505
- Images from NIST publications are from screenshots the author took of the PDF documents. Figure and table numbers are given for each image for easy location.
- Privacy in the Cloud by Daniel Dix and Andrew Bristow http://www.princeton.edu/~ddix/home.html
- NIST Definition of Cloud Computing http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
- DRAFT Cloud Computing Synopsis and Recommendations http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf