Understanding Cloud Management

Cloud Services are increasingly important as part of our identity and access management system, as we discussed, partly relating to the increased offer of services online. The initial cloud specification for deployment model, service models, and characteristics were defined by NIST in the standard special publication 800-145. So the characteristics defined by NIST in SP 800-145 were that they should be on demand. Here, the user can unilaterally provision computing capabilities, such as server time, network storage, as they want to without the need for human interaction with each individual service provider. The capabilities should be available over the network, so broad network access that they can be accessed. Typically, we’re talking about with public cloud solutions across the internet.

So people can access them across the internet, used by thick clients, thin clients, mobile phones. So the breadth relates to the deployment model. And it may not be that broad if we’re looking at a private cloud solution. Typically, we’re looking at public cloud or hybrid cloud. The resource pooling is where the service provider has a huge array of capabilities and generates economies of scale from this. The provider’s computing resource here is pulled. They can be serving multiple customers in a multitenant environment. And the resources are segmented between the different customers and are dynamically assigned and reassigned according to that self-provisioning, according to that demand.

So we have a sense of independence in that the customer can view each service in isolation, but the service provider is generating that huge scale. We have rapid elasticity as a characteristic of cloud services. The elasticity refers to the fact that the capabilities of the cloud service can be changed dynamically. They can be added to or removed, they can be extended or reduced as needed. In some cases, this happens invisibly. When we look at software as a service, typically this is invisible to the end user. If you use more space, it’s dynamically proficient. In some cases, where we’re looking at platform as a service, infrastructure as a service, this is an active change.

This is something that the consumer decides to extend. If we have, for example, a server that we have spun up in a cloud environment with Microsoft, Google or Amazon, all of whom offer these kind of cloud services, and others do, we can choose how many processes our device has, how much memory our device has. And for me, were I to provision a service on-prem, locally, in my data centre, our data centre, then if I wanted to add additional processes, I would have to match them. I would have to find the right hardware, I would have to order them, I would have to wait for the delivery of them. So we’re talking about days for the extension.

In a cloud environment, it’s as easy as going into the Management Console and changing the capabilities. Clicking the dial from one to two processes. In some instances, with some of these changes, we don’t even have an interruption to the service, it’s that dynamic. Also, as a characteristic of cloud services, cloud services naturally are measured. Partly, they should be measured. As a service provider, you want to make sure that you are going to cover your costs. And so you need to understand what the consumers are drawing down. So typically, these cloud services are measuring what kind of service you’re drawing down, the number of processes, the amount of memory, the amount of bandwidth.

All of these things can comprise what element is measured. The number of active users. So resource usage can be monitored. It can be controlled. It can be reported. And you have the elasticity to increase or decrease, if desired, if you have the budget to pay for the additional services. Additionally, we have the different cloud deployment models. We’ve kind of touched on these on that last slide. We have public, private, community and hybrid. Again, these are defined within the NIST special publication. For public cloud, the Cloud Infrastructure is provisioned for the use by everybody across the internet, by the general public. So it can be owned and operated by an individual organization. But actually, it’s provisioned for use by everybody.

A private cloud is provisioned for the exclusive use of a single organization. So this is almost like outsourcing the management of your systems.

So this provider can manage, discreetly, different private clouds, but they remain segmented. We have a community cloud. So this is where a cloud infrastructure is provided for a group of users, a community of users, that have shared interests. And it could be owned or managed collectively by them or separately, or by third party. And this could be locally, it could be remotely. Hybrid clouds are some mix of the above models. So this is where we’re blending at least two or more of the above public, private, and community models. And here, we bind them together through some kind of technology. And so this may be where we’re mixing different types of cloud services together to form a single offer.

So these four offers are the four that are defined within the NIST special publication. Typically, the ones that we see most often, far and away most often, is the public cloud deployment model, where anybody can draw down that service. The obvious concern, caveats that we need to make with the public cloud, relates directly to our identity and access management, which is ensuring that only the right people have access to our services and to our information.