Deployment Models for the Cloud

What is Cloud computing and why is it important? According to Wikipedia:

Cloud computing is the on-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user. The term is generally used to describe data centers available to many users over the Internet. Large clouds, predominant today, often have functions distributed over multiple locations from central servers. If the connection to the user is relatively close, it may be designated an edge server.

This means that we can have a great amount of scalable hardware capabilities (e.g. CPU, memory, storage and network) hosted by different service providers, reducing the need to host and maintain own equipment. The Cloud computing model describes the environment, where the cloud applications and services can be installed in order to be available to the consumers. This type of infrastructure resource sharing between multiple organizations or consumers can be defined as multi-tenancy model. Public clouds can be the least expensive choice for application prototyping and hosting.

The National Institute of Standards and Technology (NIST) defines four cloud deployment modes:

  • private,
  • public,
  • community and
  • hybrid cloud.

The categories are seen in picture below.

NIST Cloud computing models small Picture 2. Deployment models.

The public cloud is a cloud infrastructure made available to the general public for a large group of individual users or small startups. The public cloud is often owned and maintained by a large industry organization and the resources are typically provisioned on dynamic and on-demand basis over the internet. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. As the name suggest, the "cloud", i.e. the hardware (CPU, memory, storage, network) and software (Operating systems, applications, libraries) resources are shared within all the users.

The NIST definition of private cloud: cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Such infrastructure may be managed by the organization itself or by a service provider that takes care of the infrastructure on-site or off-site. Private clouds tends to be more expensive than public clouds, but private clouds may be better able to address the privacy and security concerns of the organizations these days.

In the Microsoft article the private cloud is defined as computing services offered either over the Internet or a private internal network and only to select users instead of the general public. Also called an internal or corporate cloud, private cloud computing gives businesses many of the benefits of a public cloud - including self-service, scalability, and elasticity - with the additional control and customization available from dedicated resources over a computing infrastructure hosted on-premises. In addition, private clouds deliver a higher level of security and privacy through both company firewalls and internal hosting to ensure operations and sensitive data are not accessible to third-party providers. One drawback is that the company’s IT department is held responsible for the cost and accountability of managing the private cloud. So private clouds require the same staffing, management, and maintenance expenses as traditional datacenter ownership.

The hybrid cloud cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds). There's a fine line between public and private cloud infrastructure, because it is sometimes hard to determine who controls which parts of the cloud and who the end-users are, and who has the control over the overall architecture, security and hardware of the cloud. Red Hat® OpenShift® is a well-known example of a hybrid cloud, which provides a private and public enterprise Kubernetes application platform. Many organizations make use of this model to quickly scale up and down IT infrastructure rapidly due to market reasons.

The community cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.

When selecting the cloud deployment model, the cloud customer should be aware of issues concerning

  • data retention, ownership, handling and encryption: if the data is stored unencrypted in the cloud, the risk of data privacy is imminent. Thus unauthorized access of an intruder or malicious employee could be harmful. Also once the data is removed by the customer, it should be really removed from the provider infrastructure and not to allow residue that might expose sensitive data to unauthorized parties.
  • multitenancy: especially in public and community clouds, the shared environments increase security risk of unauthorized access to data and services. The shared infrastructure may also allow a single customer to hoard most of the cloud resources, or expose the whole community to targeted denial-of-service type attacks.
  • control over service: as a customer you may have a limited control and visibility of the administered infrastructure.
  • unclear responsibilities: when something disastrous happens, who is responsible for cleaning the mess.

The details should be defined in a Service-Level Agreement (SLA):

A service-level agreement (SLA) is a commitment between a service provider and a client. Particular aspects of the service – quality, availability, responsibilities – are agreed between the service provider and the service user. The most common component of an SLA is that the services should be provided to the customer as agreed upon in the contract. As an example, Internet service providers and telcos will commonly include service level agreements within the terms of their contracts with customers to define the level(s) of service being sold in plain language terms. In this case the SLA will typically have a technical definition in mean time between failures (MTBF), mean time to repair or mean time to recovery (MTTR); identifying which party is responsible for reporting faults or paying fees; responsibility for various data rates; throughput; jitter; or similar measurable details.

Selecting the deployment model can be a bit problematic at times, but it should be based on the needs of the organization or an individual.