Lecture 10

NIST Cloud Computing Reference Architecture (CCRA)

Recommendations of the National Institute of Standards and Technology

Introduction to Cloud Computing

 Cloud Computing: A model for enabling convenient, on-demand network access to a

shared pool of configurable computing resources.
 Purpose of CCRA: Provides a high-level overview of cloud participants, their roles, and
interactions to promote better understanding of cloud operations.

For more detailed explanation please read complete architecture and see diagrams

Overview of NIST Cloud Computing Reference Architecture

 Developed by: National Institute of Standards and Technology (NIST)

 Purpose: Defines roles, activities, and responsibilities for cloud environments.
 Main Focus: To standardize cloud terminologies and concepts.

Five Key Actors in CCRA

 Cloud Consumer
 Cloud Provider
 Cloud Auditor
 Cloud Broker
 Cloud Carrier

Cloud Consumer

 Definition: The person or organization that uses cloud services.

 Responsibilities:
o Select and negotiate service levels.
o Monitor and manage consumption of cloud services.
 Examples: Enterprises, individuals using SaaS applications.
Cloud Provider

 Definition: The entity responsible for making cloud services available.

 Responsibilities:
o Manage cloud infrastructure.
o Deliver services like IaaS, PaaS, and SaaS.
 Service Models:
o Infrastructure as a Service (IaaS)
o Platform as a Service (PaaS)
o Software as a Service (SaaS)

Cloud Auditor

 Definition: An independent party that evaluates the cloud services for security,
performance, and compliance.
 Responsibilities:
o Perform audits on the cloud provider's infrastructure and services.
o Ensure compliance with organizational and legal standards.
 Example: Compliance with ISO 27001 for security standards.

Cloud Broker

 Definition: A mediator that facilitates the use, management, and delivery of cloud
services.
 Responsibilities:
o Aggregation: Combine services from multiple providers.
o Integration: Make services interoperable.
o Arbitrage: Choose between different providers based on cost, features.
 Example: A company providing a marketplace for cloud services.

Cloud Carrier

 Definition: The intermediary that provides connectivity and transport between the cloud
provider and consumer.
 Responsibilities:
o Ensures reliable data transmission between the provider and consumer.
o Can be an ISP or telecom company.
Cloud Service Models

 Infrastructure as a Service (IaaS):

o Provides virtualized computing resources (e.g., storage, networks, VMs).
o Example: Amazon EC2.
 Platform as a Service (PaaS):
o Provides a platform allowing customers to develop, run, and manage applications.
o Example: Google App Engine.
 Software as a Service (SaaS):
o Delivers software applications over the internet.
o Example: Microsoft Office 365.

Cloud Deployment Models

 Private Cloud: Exclusive use by a single organization.

 Public Cloud: Open to the general public, owned by a third-party provider.
 Hybrid Cloud: Combination of private and public cloud services.
 Community Cloud: Shared by multiple organizations with a common goal.

Security Considerations

 Data Security: Ensuring data integrity, confidentiality, and availability.

 Compliance: Meeting regulatory standards such as GDPR, HIPAA.
 Shared Responsibility Model: Both cloud provider and consumer share security
responsibilities.

Role of Cloud Consumer in Security

 Best Practices:
o Manage identities and access control.
o Encrypt sensitive data.
o Monitor usage and configure alerts.

Role of Cloud Provider in Security

  Responsibilities:
o Implement physical security for data centers.
o Provide network security features (firewalls, encryption).
o Offer secure APIs and access controls.

Cloud Provider – Service Orchestration

 Service Orchestration: Process of managing cloud resources dynamically to meet the

consumer’s needs.
 Components:
o Resource Abstraction: Virtualized storage, networking, and compute resources.
o Service Layer: Provides the actual services to cloud consumers.
o Control Layer: Manages the provisioning and operations.

Cloud Consumer – Service Monitoring

 Service Monitoring: Process by which the cloud consumer tracks usage and
performance.
 Key Metrics:
o Resource consumption (CPU, memory).
o Service response times.
o Availability and uptime.

Cloud Broker – Aggregation & Integration

 Aggregation: Combining services from multiple providers for a comprehensive solution.

 Integration: Ensuring services work together seamlessly across different platforms and
providers.

Cloud Auditor – Compliance and Risk

 Compliance Audits: Check if the cloud service meets regulatory and organizational
standards.
 Risk Assessments: Evaluate potential risks to cloud services and infrastructure.
Cloud Carrier – Data Transport and Connectivity

 Data Transport: The carrier ensures that data is transmitted reliably between the cloud
consumer and provider.
 Latency and Bandwidth: Carriers play a role in managing these factors to ensure
optimal performance.

Explanation of Key Cloud Service Broker Functions

When discussing the NIST Cloud Computing Reference Architecture (CCRA), certain
service-related concepts like Service Orchestration, Service Aggregation, Service Arbitrage,
and Service Intermediation are crucial. These functions are primarily associated with the role of
a Cloud Service Broker and explain how services are delivered, managed, or enhanced in a
cloud environment. Let’s break them down in detail:

1. Service Orchestration

Service Orchestration refers to the process through which cloud providers dynamically manage
and coordinate resources (e.g., compute, storage, networking) to meet the consumer’s needs.

Key Points:

 Resource Management: Involves the automated management of cloud resources such as

virtual machines, storage, or networks to ensure services are available.
 Dynamic Provisioning: Resources are provisioned or de-provisioned based on demand
to optimize performance and costs.
 Workflow Automation: Coordinates different services and processes to ensure seamless
operations and service delivery.
 Example: When a cloud provider like AWS automatically scales up instances when
traffic increases, orchestrating multiple components such as storage, virtual machines,
and databases to meet demand.

2. Service Aggregation

Service Aggregation refers to the process by which a Cloud Broker combines multiple services
from different providers to offer a unified solution to the consumer.

Key Points:
  Combining Multiple Services: A broker may combine several cloud services (e.g., email
service, database service, data backup service) from different cloud providers to create a
comprehensive package.
 Simplified Management: Consumers interact with the broker to access these aggregated
services, simplifying the management process.
 Integrated Solution: The broker ensures that all combined services work together
seamlessly.
 Example: A broker might offer a solution that includes AWS for compute resources,
Google Cloud for machine learning services, and Microsoft Azure for storage, bundling
them into one offering.

3. Service Arbitrage

Service Arbitrage involves selecting services from different providers based on cost,
performance, or specific features, giving flexibility to choose the best service at a given time.

Key Points:

 Dynamic Selection: A broker may dynamically switch between service providers to

choose the best option based on price, performance, or feature set at any given moment.
 Optimizing Consumer Needs: Service arbitrage allows consumers to access the best
services without having to deal with multiple providers themselves.
 Not Fixed: Unlike aggregation, where services from multiple providers are bundled
together, arbitrage involves selecting the best provider for a specific service at a
particular point in time.
 Example: If one cloud provider offers cheaper storage or better availability in a specific
region, the broker can switch to that provider to offer better value to the consumer.

4. Service Intermediation

Service Intermediation refers to when a Cloud Broker adds value to an existing cloud service
by offering additional features like performance monitoring, security management, or improved
user interfaces.

Key Points:

 Enhancement of Services: Brokers add value by enhancing existing cloud services

through added functionalities or services, such as providing better security or user
support.
 Customization: The broker may customize services to meet specific consumer needs,
such as improving data encryption options or adding better reporting tools.
  Example: A broker might take a cloud provider’s storage service and add encryption,
monitoring, and additional backup capabilities for enhanced data security.

Summary of Differences

Concept Function Example

Service Manages and coordinates cloud Automatically scaling cloud resources
Orchestration resources dynamically. based on traffic needs.
Service Combines multiple cloud services Offering a bundled service with AWS
Aggregation into a single offering. compute, Google ML, and Azure storage.
Chooses the best service from Switching between cloud providers for the
Service
different providers based on best price for storage or better availability
Arbitrage
factors like price or performance.
in a region.
Adding security features or improved
Service Enhances existing cloud services monitoring tools to a cloud service for
Intermediation by adding extra value. better security or performance
management.