The NIST Definition of Cloud Computing
By Peter Mell and Tim Grance
Cloud computing is still an evolving
paradigm. Its definitions, use cases,
underlying technologies, issues, risks,
and benefits will be refined in a spirited
debate by the public and private
sectors. These definitions, attributes,
and characteristics will evolve and
change over time. The cloud-computing
industry represents a large ecosystem
of many models, vendors, and market
niches. The following definition
attempts to encompass all of the various
cloud approaches.
Essential Characteristics
On-demand self-service. A consumer
can unilaterally provision computing
capabilities, such as server time
and network storage, as needed
automatically without requiring human
interaction with each service’s provider.
Broad network access. Capabilities are
available over the network and accessed
through standard mechanisms that
promote use by heterogeneous thin
or thick client platforms (for example,
mobile phones, laptops, and PDAs).
Resource pooling. The provider’s
computing resources are pooled to serve
multiple consumers using a multitenant
model, with different physical and
virtual resources dynamically assigned
and reassigned according to consumer
demand. There is a sense of location
independence in that the customer
generally has no control or knowledge
over the exact location of the provided
resources but may be able to specify
location at a higher level of abstraction
(for example, country, state, or data
center). Examples of resources include
storage, processing, memory, network
bandwidth, and virtual machines.
Service Models
Cloud SaaS (Software as a Service). The
capability provided to the consumer
is to use the provider’s applications
running on a cloud infrastructure.
The applications are accessible from
various client devices through a thin
client interface such as a Web browser
(for example, Web-based email). The
consumer does not manage or control
the underlying cloud infrastructure,
including network, servers, operating
systems, storage, or even individual
application capabilities, with the possible
exception of limited user-specific
application configuration settings.
Cloud PaaS (Platform as a Service).
The capability provided to the
consumer is to deploy onto the cloud
infrastructure consumer-created
or acquired applications created
using programming languages and
tools supported by the provider. The
consumer does not manage or control
the underlying cloud infrastructure,
including network, servers, operating
systems, or storage, but has control
over the deployed applications
and possibly application-hosting
environment configurations.
Cloud IaaS (Infrastructure as a Service).
The capability provided to the consumer
is to provision processing, storage,
networks, and other fundamental
computing resources where the
consumer is able to deploy and run
arbitrary software, which can include
operating systems and applications. The
consumer does not manage or control
the underlying cloud infrastructure
but has control over operating systems,
storage, deployed applications, and
possibly limited control of select
networking components (for example,
host firewalls).
Deployment Models
Private cloud. The cloud infrastructure
is operated solely for an organization.
It may be managed by the organization
or a third party and may exist on or off
premise.
Community cloud. The cloud
infrastructure is shared by several
organizations and supports a specific
community that has shared concerns
(for example, mission, security
requirements, policy, and compliance
considerations). It may be managed by
the organizations or a third party and
may exist on or off premise.
Public cloud. The cloud infrastructure
is made available to the general public
or a large industry group and is owned
by an organization selling cloud
services.
Hybrid cloud. The cloud
infrastructure is a composition of two
or more clouds (private, community, or
public) that remain unique entities but
are bound together by standardized or
proprietary technology that enables data
and application portability (for example,
cloud bursting for load balancing
between clouds).
Note: Cloud software takes full
advantage of the cloud paradigm by
being service oriented with a focus on
statelessness, low coupling, modularity,
and semantic interoperability.
Peter Mell and Tim Grance are with the National
Institute of Standards and Technology, Information
Technology Laboratory, Gaithersburg, MD.
lenges include the ability to provide
audit trails across these environments
for regulatory compliance and digital
forensic purposes, enforcement, and
awareness of differing levels of zones
among development, test, and production
environments to protect the
integrity of services deployed in the
higher-level environments, as well as
controlling who is authorized to expand
or contract a service within one
of these environments. This last challenge
could pose particular financial
issues in the elastic “pay by the drink”
service model if, for example, users are
able to add services at will and an
organization gets a bill at the end of the
month for excessive service additions.