8/2/2019 The NIST Offers a Cloud Standard _ Tech Republic

1/2

Network Administrator

ByJohn Joyner August 16, 2011, 1:52 PM PDT

T a ke a w a y : J o h n J o y n e r w a r n s fe llo w I T p r o s t h a t e i t h e r y o u e a t t h e c lo u d o r t h e c lo u d e a t s y o u ! A n e w N I ST c lo u d d e fi n it io n m a y h e l p y o u

eva lua te an d comp ar e the c loud so lu t ions tha t a re l ike ly to f igu re in to your IT fu tu r e .

Undoubtedly the most used marketing phrases in the last year have involved cloud computing as a valuable feature of various software and services for sale. Some see thistrend as evolutionary for IT, a natural next-step following the widespread adoption of virtualization and the profusion of high-speed bandwidth. Others view cloud

computing as another word for host-based computing, in effect, a return full-circle to the fifty-year old model of input/output (I/O) devices connected to a shared

mainframe. But this time, we have a wide variety of useful, even fun I/O devices like smartphones and tablets, and the connection to the shared cloud is wireless and fast!

Both schools of thought (evolution and full-circle) are true, as well as recognizing that the paradigms shifting (because of cloud computing) are natural and unstoppable

phenomena to be embraced or be sacrificed to. Start eating cloud or be eaten by it! This message in many forms is finding its way to all corners of the IT ecosystem. IT

careers that dont involve the cloud are expected to have shorter lifetimes, much as the demand for on-site electric generator operators declined when central electrical

utility service became available to manufacturing plants in the mid-19th century.

Whether you are fram ing an IT career, or more likely, contemplating building your own c loud(s), or comparing the cloud offering of one vendor to the competition, its

imperative that your decisions are based on reason and research. We dont want to invest based on fear, uncertainty, or the latest marketing pitch we heard on how well a

particular vendors cloud solution matches their definition of the cloud. What would help is a definition-based standard, to which you can compare a particular

cloud-based opportunity or offering.

There is an independent scientific authority that has published a draft definition of cloud computing: the National Institute of Standards and Technology (NIST). By

comparing the characteristics of a solution under evaluation to the vendor-neutral NIST cloud computing model, you can validate both (1) that the solution meets the

minimum standards of architecture and workflow to be called a cloud solution and (2) just how cloudy the solution really is!

Taking the fog ou t o f th e c loud

The essence of the NIST cloud definition(http://csrc.nist.gov/publications/drafts/800-145/Draft-SP-800-145_cloud-definition.pdf) can be condensed to one sentence:

Private, Public or Hybrid clouds featuring On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, and Measured Service deploy

Infrastructure, Platform, or Software services.

If you apply this simple proof test against any particular system, you can more confidently assess its cloud-worthiness. Solutions that have all the essential characteristics,

and are deployed with the appropriate cloud and service delivery models, will have the highest chance of success in the marketplace and in your business.

The NIST cloud definition shown in F ig u r e A recognizes several types of cloud deployment models such as public and private clouds. This is the simplest part of the

definition and logically refers to who owns and operates the components of the cloud, such as the datacenter. Note that a private cloud can be on-premise or off-site, and

be managed by either your IT staff or outsourced to a service provider what makes it a private cloud is that it exists to serve only one organization.

F ig u r e A

(http://i.techrepublic.com.com/blogs/nist_cloud.jpg)

Clouds have five (5) essential characteristics, regardless of deployment or service model.

Essen t ia l cha r ac te r i s t i cs o f c loud se rv ice mod e ls

Regardless of the type of cloud deployment model used, a cloud solution needs to deliver value based on one of three recognized service models: Infrastructure, Platform,

or Software as a Service (IaaS, PaaS, or SaaS). These models make clear the demarcation line of responsibility for various components between the cloud provider and

the user. The user has the most involvement in the IaaS model, and the least in the SaaS model.

In the SaaS model, the user just consumes software, just as running a web-mail client. Anyone using Googles Gmail (http://mail.google.com/mail/help

/about.html)or Microsofts Hotmail(http://explore.live.com/windows-live-hotmail-get-started) can understand SaaS.

In the IaaS model, the user needs to assemble and maintain the cloud-hosted infrastructure components such as virtual m achines, storage pools, and firewalls,

sometimes called the cloud fabric.Amazon Web Service (AWS)(http://aws.amazon.com/) and Rackspace(http://www.rackspace.com/cloud/) are leading providers

of this model today.

The intermediate model, PaaS, lets users deploy their application on a cloud provider platform without managing the infrastructure. Microsofts Windows

Azure(http://www.microsoft.com/windowsazure/features/) is an attractive PaaS platform for someone looking for a globally accessible, highly-available delivery

infrastructure to run their application on.

Once you are clear on the cloud deployment and service models employed by a given solution, the acid test is whether the cloud exhibits all the essential characteristics

defined by the NIST:

8/2/2019 The NIST Offers a Cloud Standard _ Tech Republic

2/2

On-Dem an d Se l f Se rv ice: Users provision capabilities as needed and/or automatically, without human interaction by a service provider.

Br o a d Ne t wo r k Ac ce s s : Standard network/Internet access mechanisms promote location-independent use by diverse platforms such as smartphones.

Re s o u r c e P o o li n g: The service provider hosts compute, network, and storage resources in a model that supports multi-tenancy, with dynamic assignment and

reassignment of resources according to demand.

Rap id E las t i c ity: Rapid scale out and scale back of resources; from the users point of view, there are unlimited resources that are paid for based on the quantities

actually consumed.

M e a s u r e d S e r v i ce : Resources are optimized and controlled with a metering capability, with transparent reports on consumption shared with the user.

Using the NIST c loud de f in i t ion

As I mentioned in the beginning of the article, there are known to be many different visions of what cloud computing is or can become. Often these visions are influencedby individuals and organizations that have a lot of investment in a particular component of the cloud ecosystem, such as virtualization or networking. Someone trying to

sell a c loud solution should be able to c onfidently and simply describe the deployment and service model for it, as well as match up the solutions features to the essential

characteristics of the NIST cloud definition.

You might consider avoiding proposed cloud solutions with murky or unclear deployment or service models, as well as those missing one or more essential

characteristics. Cloud solutions that pass the definition test can be evaluated fairly on their price-performance value. Figure A lists in the lower section Common

Characteristics (not part of the NIST essential definition) additional qualities that can help you prioritize what cloud features are important to your organization.

About John Joyner

John Joyner is senior architect at ClearPointe, a Microsoft MVP for Operations Manager, and co-author of the Operations Manager: Unleashed book series.