
Introduction

Federal Chief Information Officer (CIO) Vivek Kundra directed the National
Institute of Standards and Technology (NIST), with technical support from US
government (USG) agencies, to develop cloud computing standards. NIST offers a
taxonomy of three service models available to cloud consumers:
software as a service (SaaS), platform as a service (PaaS), and infrastructure as a
service (IaaS). The reference architecture is a high-level conceptual model for
discussing the structures, operations and requirements of cloud computing. It is
based on an actor/role model, which is proposed to serve the expectations of the
stakeholders. The NIST architecture design objectives are: to illustrate and
understand the numerous cloud services of cloud computing and its conceptual
models; to technically assist USG agencies and other consumers to understand,
compare and categorize cloud services; and to enable the analysis of standards
for portability, security, interoperability, and reference implementations.

2. Cloud computing reference architecture: An overview

2.1 The Conceptual Reference Model:

The NIST cloud computing reference architecture defines five major actors:
cloud consumer, cloud provider, cloud carrier, cloud auditor and cloud broker.
Each is discussed below.

2.2 Cloud Consumer:

The cloud consumer is any individual or organization that builds a
relationship with a cloud provider and uses its services on a pay-as-you-go
basis. To maintain trust between the two parties, a service level agreement
(SLA) is signed, based on policies and pricing which are non-negotiable.

Cloud consumers can use all services, including SaaS, PaaS, and IaaS.
SaaS users can be organizations or software application administrators who
configure applications for end users. PaaS users can be application
developers, testers, deployers and application administrators, who develop,
test, deploy, and manage the applications.
The consumers of IaaS are system administrators, IT managers and system
developers who install, create, manage and monitor services.

2.3 Cloud Provider:

A cloud provider owns, manages and controls the computing infrastructure in
order to offer its consumers many services. For SaaS, the cloud provider
configures, deploys, maintains and updates the operation of the software
applications to meet the needs of consumers.
For PaaS, the cloud provider manages the computing infrastructure and
also provides deployment and management tools, such as integrated
development environments (IDEs) and software development kits (SDKs), to
support the creation, management and deployment process of the PaaS
cloud. For IaaS, the cloud provider supplies the physical computing
resources, including the servers, networks, storage and hosting
infrastructure.

2.4 Cloud Auditor:

A cloud auditor performs an independent inspection of cloud services and
assesses the services offered by a cloud provider with respect to performance
and security. The auditor also provides protection for the confidentiality and
integrity of data and information, and ensures the availability of services for
potential customers.

2.5 Cloud Broker:

A cloud broker is a mediator between cloud provider and cloud consumer that
manages the use, performance and delivery of cloud services and negotiates
relationships between them. The services provided by the cloud broker can
be categorized in three ways.

Service Intermediation: enhancement of services.

Service Aggregation: integration of services into one or many services.

Service Arbitrage: works like service aggregation, but is independent in
selecting the multiple services to aggregate.

2.6 Cloud Carrier:

A cloud carrier is a middleman which is responsible for providing the
connectivity medium to cloud services between cloud consumers and cloud
providers through a dedicated and secure network.

2.7 Scope of Control between Provider and Consumer:

The cloud provider and cloud consumer share control in a cloud system.
At the application layer, SaaS consumers use the applications, while the
applications are managed and controlled by PaaS and IaaS consumers and
SaaS providers. At the middleware layer, the middleware is used by PaaS
consumers, managed by IaaS consumers or PaaS providers, and
concealed from SaaS consumers.
The OS layer consists of the operating system and drivers; it is hidden from
SaaS and PaaS consumers and used only by IaaS consumers. The IaaS
consumer is responsible for the guest OSs, while the IaaS provider has full
control of the host OS.

3. Cloud computing reference architecture: Architectural components

3.1 Service Deployment:

A cloud infrastructure can be operated under several major deployment models,
including public, private, community, and hybrid clouds. In a public cloud, the
cloud infrastructure and computing resources are available to the public over a
public network. It is owned by an organization which sells cloud services and
serves a variety of clients. A private cloud gives exclusive access to a single
Cloud Consumer and can be managed by the same organization or a third party.
A community cloud gives its services to a group of Cloud Consumers based on
shared concerns, for instance security, privacy, mission objectives and
compliance policy. Like private clouds, a community cloud can be managed by the
organizations or a third party. A hybrid cloud is an alignment of two or more
clouds that remain separate units but are bound together by standardized
technology that enables application and data portability.

3.2 Service Orchestration:

Service Orchestration refers to the arrangement of system components to
support the Cloud Provider's activities in the coordination, arrangement and
management of computing resources, in order to provide cloud services to
Cloud Consumers.

In this representation, a three-layered model is used. The service layer is
where Cloud Providers define the interfaces through which Cloud Consumers
access the computing services. The resource abstraction and control layer
holds the system components used by Cloud Providers to manage and
provide access, through software abstraction, to the physical computing
resources. The resource abstraction ensures efficient, secure, and reliable
usage of the underlying physical resources. The physical resource layer
contains all the physical computing resources, including hardware resources
such as storage components, computers and other physical computing
infrastructure elements. Other components include facility resources, such as
heating, ventilation and air conditioning (HVAC), communications and power.

3.3 Cloud Service Management:

Cloud Service Management contains all the service-related roles which are
needed for the operation and management of those services essential to
cloud consumers.

3.3.1 Business Support

Business Support consists of business-related services which deal
with clients and their supporting processes.

Customer management: managing customer accounts, user profiles and
customer relationships, and resolving customer issues and problems.
Contract management: managing service contracts.
Inventory management: managing and setting up service catalogs.
Accounting and billing: managing customer billing information.
Reporting and auditing: monitoring user operations and generating reports.
Pricing and rating: determining prices and evaluating cloud services.

3.3.2 Provisioning and Configuration

Rapid provisioning: deploying cloud systems automatically.
Resource changing: configuration and resource assignment for upgrades, repair
and connecting new nodes to the cloud.
Monitoring and reporting: discovering and monitoring virtual resources for cloud
operations.
SLA management: encompassing the SLA contract definition, SLA monitoring and
SLA enforcement.

3.3.3 Portability and Interoperability

For portability, customers want to know whether their applications and data can
be moved across multiple cloud environments at low cost and with minimal
disruption. For interoperability, users are concerned about the ability to
communicate between or among several clouds.

Cloud providers should offer a mechanism to support data portability, service
interoperability, and system portability. Data portability
enables cloud consumers to copy data objects into or out of a cloud.
Service interoperability allows cloud consumers to make use of their services
and data across multiple cloud providers through an integrated management
interface. System portability makes it possible to migrate a fully stopped
virtual machine instance from one provider to another.

3.4 Security:

Security requirements, including authorization, authentication, availability,
identity management, confidentiality, integrity, security monitoring, audit,
security policy management and incident response, are yet to be addressed
by cloud-based systems.

3.4.1 Cloud Service Model Perspectives: The cloud service model has a
considerable impact on the different issues in security design and
implementation.

3.4.2 Implications of Cloud Deployment Models: The variations between cloud
deployment models also have important security implications.

3.4.3 Shared Security Responsibilities: Because control is split between the
two parties (cloud provider and consumer), they now share the responsibility
for providing satisfactory protection to cloud-based systems. Security is
therefore a shared responsibility of both parties.
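
The split of control in section 2.7 and the shared responsibility in 3.4.3 can be turned into a triage check that routes each security finding to the party controlling the affected layer and flags tickets assigned to the wrong side. This is an added example, not part of the NIST document or the original page; the layer names, the finding records and the entries marked "assumed" are illustrative assumptions.

```python
from collections import defaultdict

# Party that manages each layer under each service model (section 2.7).
# "assumed" entries are inferred, not stated on the page: a layer the page
# calls hidden from the consumer is treated as the provider's to manage.
CONTROL = {
    "application": {"SaaS": "provider", "PaaS": "consumer", "IaaS": "consumer"},
    "middleware":  {"SaaS": "provider",   # assumed: concealed from SaaS consumers
                    "PaaS": "provider", "IaaS": "consumer"},
    "guest_os":    {"SaaS": "provider",   # assumed: hidden from SaaS consumers
                    "PaaS": "provider",   # assumed: hidden from PaaS consumers
                    "IaaS": "consumer"},
    "host_os":     {"SaaS": "provider", "PaaS": "provider",  # both assumed
                    "IaaS": "provider"},
}

def owner(layer, model):
    """Return 'provider' or 'consumer' for a layer under a service model."""
    if layer not in CONTROL or model not in CONTROL[layer]:
        raise ValueError(f"unknown layer/model: {layer!r}/{model!r}")
    return CONTROL[layer][model]

def triage(findings, model):
    """Group finding ids by the party that controls the affected layer."""
    work = defaultdict(list)
    for f in findings:
        work[owner(f["layer"], model)].append(f["id"])
    return dict(work)

def misassigned(findings, model):
    """Ids of findings whose ticket owner is not the party in control."""
    return [f["id"] for f in findings
            if f["assigned_to"] != owner(f["layer"], model)]

# Constructed sample findings (not real scanner output).
FINDINGS = [
    {"id": "F-1", "layer": "application", "assigned_to": "consumer"},
    {"id": "F-2", "layer": "middleware",  "assigned_to": "provider"},
    {"id": "F-3", "layer": "guest_os",    "assigned_to": "provider"},
    {"id": "F-4", "layer": "host_os",     "assigned_to": "provider"},
]

if __name__ == "__main__":
    for model in ("SaaS", "PaaS", "IaaS"):
        print(model, triage(FINDINGS, model), misassigned(FINDINGS, model))
```

Under IaaS the same ticket set leaves the middleware and guest OS findings with the provider, who does not control those layers, which is the gap the check surfaces.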

3.5 Privacy:

Cloud providers should assure the consistent collection, proper use,
processing and disposition of personally identifiable information (PII) and
personal information (PI) in the cloud. Although cloud computing provides many
flexible solutions for shared resources, software and information,
loopholes always exist.
