Cloud Deployment & Service Models – Exam Review

Cloud Computing Essentials

  • NIST Definition (SP 800-145)
    • On-demand, self-service access to shared, configurable resources
    • Rapid provisioning/release with minimal management effort

  • Five Essential Characteristics
    • On-demand self-service
    • Broad network access
    • Resource pooling (multi-tenancy)
    • Rapid elasticity
    • Measured service

  • Three Service Models
    • Software as a Service (SaaS)
    • Platform as a Service (PaaS)
    • Infrastructure as a Service (IaaS)

  • Four Deployment Models
    • Private
    • Community
    • Public
    • Hybrid

Typical Commercial Terms of Service

  • Promises: availability, data preservation, no data resale
  • Limitations: scheduled outages, force-majeure, security risk on consumer
  • Obligations: acceptable use, licensing, payments
  • Recommendations: clarify terminology, compliance needs, backups, negotiated SLAs

NIST Cloud Reference Model (CRM)

  • High-level, vendor-neutral framework; focuses on “what”, not “how”
  • Defines five actors: Cloud Consumer, Provider, Auditor, Broker, Carrier
  • Four taxonomy levels: Roles → Activities → Components → Sub-components

Actor Roles

  • Consumer – selects, contracts, uses, pays
  • Provider – deploys, orchestrates, manages service; ensures security & privacy
  • Auditor – independently verifies security, privacy, performance compliance
  • Broker – selects/aggregates/intermediates services; negotiates SLAs
  • Carrier – supplies connectivity & transport; bound by provider SLAs

Provider Activities

  • Service Deployment: private, public, community, hybrid
  • Service Orchestration: business → application → infrastructure layers
  • Cloud Service Management: business support, provisioning, portability, monitoring
  • Security & Privacy: span all layers, shared responsibility with consumer

Scope of Control (Consumer vs Provider)

Layer               | SaaS     | PaaS     | IaaS
Application         | Provider | Consumer | Consumer
Middleware          | Provider | Provider | Consumer
OS                  | Provider | Provider | Consumer
Hypervisor/Hardware | Provider | Provider | Provider

Private-cloud variants shift perimeter control (on-site vs outsourced).

Service-Model Snapshots

SaaS

  • Users: end-users & org admins
  • Gets: on-demand apps + managed data
  • Fees: users, time, executions, records, bandwidth, storage
  • Benefits: zero install, central data, licence efficiency
  • Concerns: browser risk, vendor lock-in, multi-tenant isolation
  • Key Recs: data location & encryption, secure deletion, device hygiene

PaaS

  • Users: devs, testers, deployers, admins, end-users
  • Gets: dev tools, runtimes, execution resources
  • Fees: users, roles, resource/time use, requests
  • Benefits: scalable dev+deploy, lower ops overhead
  • Concerns: portability, dependency, browser risk
  • Key Recs: standard interfaces, secure frameworks, data deletion

IaaS

  • Users: system admins
  • Gets: VMs, storage, virtual networks
  • Fees: CPU, memory, storage, bandwidth, time
  • Benefits: full VM control, cost flexibility, portability
  • Concerns: VM sprawl, isolation robustness, dynamic network security
  • Key Recs: multi-tenant controls, admin access governance, VM migration plan

Open Issues & Risks

  • Performance & latency, offline sync
  • Reliability, provider outages, disaster recovery
  • Compliance, data location, jurisdiction, forensics
  • Security: unintended disclosure, multi-tenancy, key mgmt, browser threats
  • Interoperability & workload portability
  • Business continuity & SLA evaluation

General Recommendations

  • Management: data migration, ops continuity, staffing
  • Legal: usage policies, licensing, jurisdiction
  • Data Governance: separation, integrity, recovery
  • Security: physical, access control, visibility, patching
  • VM Security: vulnerabilities, live migration handling

Key References

  • NIST SP 800-145: Cloud Definition
  • NIST SP 500-292: Cloud Reference Architecture
  • NIST SP 800-146: Synopsis & Recommendations