Chapter 3:

Roles:
Cloud Provider
The organization that provides cloud-based IT resources is the cloud provider. When assuming the role of cloud provider,
an organization is responsible for making cloud services available to cloud consumers, as per agreed upon SLA guarantees.
The cloud provider is further tasked with any required management and administrative duties to ensure the on-going
operation of the overall cloud infrastructure.
Cloud providers normally own the IT resources that are made available for lease by cloud consumers; however, some
cloud providers also “resell” IT resources leased from other cloud providers.

Cloud Consumer
A cloud consumer is an organization (or a human) that has a formal contract or arrangement with a cloud provider to use
IT resources made available by the cloud provider. Specifically, the cloud consumer uses a cloud service consumer to
access a cloud service.

Cloud Service Owner

The person or organization that legally owns a cloud service is called a cloud service owner. The cloud service owner can
be the cloud consumer, or the cloud provider that owns the cloud within which the cloud service resides.

Cloud Resource Administrator

A cloud resource administrator is the person or organization responsible for administering a cloud-based IT resource
(including cloud services). The cloud resource administrator can be (or belong to) the cloud consumer or cloud provider
of the cloud within which the cloud service resides. Alternatively, it can be (or belong to) a third-party organization
contracted to administer the cloud-based IT resource.

Addition Roles:
• Cloud Auditor – A third-party (often accredited) that conducts independent assessments of cloud environments assumes
the role of the cloud auditor. The typical responsibilities associated with this role include the evaluation of security
controls, privacy impacts, and performance. The main purpose of the cloud auditor role is to provide an unbiased
assessment (and possible endorsement) of a cloud environment to help strengthen the trust relationship between cloud
consumers and cloud providers.
• Cloud Broker – This role is assumed by a party that assumes the responsibility of managing and negotiating the usage of
cloud services between cloud consumers and cloud providers. Mediation services provided by cloud brokers include
service intermediation, aggregation, and arbitrage.
• Cloud Carrier – The party responsible for providing the wire-level connectivity between cloud consumers and cloud
providers assumes the role of the cloud carrier. This role is often assumed by network and telecommunication providers.
While each is legitimate, most architectural scenarios covered in this book do not include these roles.

Boundary
An organizational boundary represents the physical perimeter that surrounds a set of IT resources that are owned and
governed by an organization. The organizational boundary does not represent the boundary of an actual organization,
only an organizational set of IT assets and IT resources. Similarly, clouds have an organizational boundary.

Trust Boundary
When an organization assumes the role of cloud consumer to access cloud-based IT resources, it needs to extend its trust
beyond the physical boundary of the organization to include parts of the cloud environment.
A trust boundary is a logical perimeter that typically spans beyond physical boundaries to represent the extent to which
IT resources are trusted. When analysing cloud environments, the trust boundary is most frequently associated with the
trust issued by the organization acting as the cloud consumer.

Cloud Characteristics:
The following six specific characteristics are common to the majority of cloud environments: • on-demand usage
• ubiquitous access • multitenancy (and resource pooling) • elasticity • measured usage • resiliency
  On-demand usage is the ability of a cloud consumer to self-provision and use necessary cloud-based services without
requiring cloud provider interaction. This characteristic is related to measured usage, which represents the ability of a
cloud to measure the usage of its IT resources.
• Ubiquitous access allows cloud-based services to be accessed by diverse cloud service consumers, while multitenancy is
the ability of a single instance of an IT resource to transparently serve multiple cloud consumers simultaneously.
• The elasticity characteristic represents the ability of a cloud to transparently and automatically scale IT resources out or
in. Resiliency pertains to a cloud’s inherent failover features.

Cloud Delivery models:

Many specialized variations of the three base cloud delivery models have emerged, each comprised of a distinct
combination of IT resources. Some examples include:
• Storage-as-a-Service
• Database-as-a-Service
• Security-as-a-Service
• Communication-as-a-Service
• Integration-as-a-Service
• Testing-as-a-Service
• Process-as-a-Service
 Cloud Deployment models:

 A public cloud is owned by a third party and generally offers commercialized cloud services and IT resources to cloud
consumer organizations.
 A private cloud is owned by an individual organization and resides within the organization’s premises.
 A community cloud is normally limited for access by a group of cloud consumers that may also share responsibility in
its ownership.
 A hybrid cloud is a combination of two or more other cloud deployment models.

Additional variations of the four base cloud deployment models can exist. Examples include:
• Virtual Private Cloud – Also known as a “dedicated cloud” or “hosted cloud,” this model results in a self-contained
cloud environment hosted and managed by a public cloud provider, and made available to a cloud consumer.
• Inter-Cloud – This model is based on an architecture comprised of two or more inter-connected clouds.