1 NIST Cloud Computing Reference Architecture & Taxonomy Working Group Robert Bohn Information Technology Laboratory June 21, 2011
2 2 Outline Cloud Background Objective Working Group background NIST Cloud Computing Reference Architecture Actors Roles Activities & Functions NIST Cloud Computing Taxonomy Next Steps
3 3 Cloud Background Technological Maturity Economic Standards Driven Data Portability Interoperability Security Cloud to Cloud interaction USG needs a starting point A Reference
4 4 Objective Develop a vendor neutral reference architecture consistent with the NIST Cloud Computing definition Models - SaaS, Paas, Iaas Deployment models - Public, Private, Community, Hybrid Necessary Characteristics On demand self-service Broad network access Resource Pooling Rapid Elasticity Measured Determine the What of Cloud Computing, not the How A Cloud
5 Reference Architecture &Taxonomy Working Group Background 5 Kick off Meetings: January 10 & 12, Reference Architecture, 11 Taxonomy meetings Mailing list membership: Ref Arch 498, Tax 411 Organizations >215 US Army, DHS, DOJ,DOT, NARA, NASA, NSA, EMC, GSA, ATT, Amazon, CA Technologies, Cisco, HP, IBM, Intel, Microsoft, Oracle, VmWare, Virtual Global, TM Forum, IEEE, CSA, Tech America, Johns Hopkins University, Deloitte, Fujitsu, SAIC, BAH, etc
6 6 Acknowledgements Dr. Fang Liu, Jin Tong, Dr. Jian Mao: Knowcean Consulting Inc. Dr. Robert Bohn, John Messina: NIST ITL Dawn Leaf, NIST Senior Executive for Cloud Computing With broad contributions from members of the NIST Reference Architecture and Taxonomy Working Group and the Reference Architecture Analysis Team: Randy Baklini, Gregg Brown, Frederic De Vaulx, Michele Drgon, Anne Frantzen, Babak Jahromi, Dean Kemp, Cary Landis, Eugene Luster, Bob Marcus, Gary Mazzaferro, Hung Nguyen, Marlin Pohlman, Alan Sill, Ken Stavinoha, Pat Stingley, Tom Young and Jay Levine
7 NIST Cloud Computing Reference Architecture Actors and their Roles Cloud Consumer Person or organization that maintains a business relationship with, and uses service from Cloud Providers. Cloud Auditor A party that can conduct independent assessment of cloud services, information system operations, performance and security of the cloud implementation. Cloud Provider Person, organization or entity responsible for making a service available to Cloud Consumers. 7 Cloud Broker An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers. Cloud Carrier The intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers.
9 9 Cloud Consumer/Provider Activities Model SaaS PaaS IaaS Consumer Activities Uses application/service for business process operations Develops, tests, deploys and manages applications hosted in a cloud environment Creates/installs, manages and monitors services for IT infrastructure operations Provider Activities Installs, manages, maintains and supports the software application on a cloud infrastructure. Provisions and manages cloud infrastructure and middleware for the platform consumers; provides development, deployment and administration tools to platform consumers. Provisions and manages the physical processing, storage, networking and the hosting environment and cloud infrastructure for IaaS consumers.
11 11 Cloud Provider Deployment A cloud system can be operated in one of the following four deployment models: Private cloud: The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise. Community cloud: The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on premise or off premise. Public cloud: The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
12 12 Example s Available to a Cloud Consumer Billing ERP Human Resources Social Networks Sales Financials CRM Content Management Cloud Provider Collaboration Document Management SaaS Consumer & Office Productivity Database Storage s Management Business Intelligence Application Deployment CDN Platform Hosting Development & Testing PaaS Consumer Integration Backup & Recovery IaaS Consumer Compute
13 13 Cloud Provider Orchestration Layer SaaS Biz Process/ Operations App/Svc App/Svc Usage Usage Scenarios Scenarios Software as a PaaS IaaS Platform as a Application Development Develop, Test, Deploy and Manage Usage Scenarios Resource Abstraction and Control Layer Cloud Provider Physical Resource Layer Infrastructure as a Hardware IT Infrastructure/ Operation Create/Install, Manage, Monitor Usage Scenarios Facility
14 Cloud Provider Cloud Management 14 Cloud Management Business Support Customer Mgmt Provisioning /Configuration Portability /Interoperability Data Portability Cloud Consumers Contract Mgmt Rapid Provisioning Resource Change Copy Data To-From Bulk Data Transfer Inventory Mgmt Accounting & Billing Monitoring & Reporting Interoperability Unified Management Interface Reporting & Auditing Metering System Portability Cloud Brokers Pricing & Rating SLA Management VM Images Migration App/Svc Migration
15 15 Security Cloud Provider Security & Privacy Authentication and Authorization: Authenticate and authorize cloud consumers using credentials that have been established previously. Availability: Ensure timely and reliable access to and use of information. Confidentiality: Protect the confidentiality of the data objects written into clouds by preserving authorized restrictions on access and disclosure. Identity management: Enforce identity and access control policies on users accessing cloud. Integrity: Guard against improper information modification or destruction, and include ensuring information non-repudiation and authenticity. Security monitoring & Incident Response: Conduct ongoing automated monitoring of the cloud provider infrastructure to demonstrate compliance with cloud-consumer security policies and auditing requirements. Security policy management: Configure/generate/enforce/audit/update security policies on users accessing clouds. Privacy Protect the assured, proper, and consistent collection, processing, communication, use and disposition of personal information (PI) and personally identifiable information (PII) on the cloud.
16 Cloud Auditor A cloud auditor can evaluate the services provided by a cloud provider in terms of security controls, privacy impact, performance, etc. For security auditing, a cloud auditor can make an assessment of the security controls in the information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Auditing is especially important for federal agencies and agencies should include a contractual clause enabling third parties to assess security controls of cloud providers (by Vivek Kundra, Federal Cloud Computing Strategy, Feb ). 16
17 17 Cloud Broker As cloud computing evolves, the integration of cloud services can be too complex for cloud consumers to manage. The major services provided by a cloud broker include: Arbitrage: arbitrage is similar to service aggregation, with the difference in that the services being aggregated aren t fixed. arbitrage allows flexible and opportunistic choices for the broker. For example, the cloud broker can use a credit-scoring service and select the best score from multiple scoring agencies. Intermediation: A cloud broker enhances a given service by improving some specific capability and provides the value-added service to cloud consumers. Aggregation: A cloud broker combines and integrates multiple services into one or more new services. The broker will provide data integration and ensure the secure data movement between cloud consumer and multiple cloud providers.
18 18 Cloud Carrier Provide access to cloud consumers through network, telecommunication and other access devices, eg: Network access devices include computers, laptops, mobile phones, mobile internet devices (MIDs), etc. Arranges Level Agreements (SLAs) with a cloud provider to provide a consistent level of service and may be required to provide dedicated and encrypted connections. Distribution can be provided by network and telecomm carriers or a transport agent.
20 20 Taxonomies Taxonomy: The science of categorization, or classification, of things based on a predetermined system. (Webopedia) Main Attributes: Typically a controlled vocabulary with a hierarchical tree-like structure Terms in a taxonomy have relationships with other terms Usually in the form of a parent (broader) / child (narrower) Benefits: Encompasses and labels all significant concepts within a given domain Allows users to understand the context of each label
21 21 RA Taxonomy
22 Examples Terms and Definitions 22 Level 1: Cloud Provider Person, organization or higher-level system responsible for making a service available to service consumers. Level 2: Cloud Management Cloud Management includes all the service-related functions that are necessary for the management and operations of those services required by or proposed to customers. Level 3: Public Cloud - The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. [NIST Definition of Cloud Computing] Level 4: Data Portability The ability to transfer data from one system to another without being required to recreate or reenter data descriptions or to modify significantly the application being transported. [Federal Standard 1037C]
23 23 Next Steps Summary: The projected deliverables for the RA/Taxonomy Team by the end of September 2011 are: Version 2.0 of NIST Cloud Computing Reference Architecture which includes a more detailed description of security and privacy. Version 2.0 of NIST Cloud Computing Taxonomy which includes Security & Privacy Updated SaaS taxonomy to reflect USG Business Use Cases. Newly identified SLA taxonomy to support USG Document NIST Cloud Computing Reference Architecture Analysis of USG Target Business Use Cases
24 Questions? Information Technology Laboratory Cloud 24 Computing Program
Special Publication 500 291 NIST Cloud Computing Standards Roadmap National Institute of Standards and Technology NIST Cloud Computing Standards Roadmap Working Group Michael Hogan Fang Liu Annie Sokol
Special Publication 500-291, Version 2 NIST Cloud Computing Standards Roadmap NIST Cloud Computing Standards Roadmap Working Group NIST Cloud Computing Program Information Technology Laboratory This page
ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information
FRAUNHOFER INSTITUTE FOR OPEN COMMUNICATION SYSTEMS Cloud Concepts for the Public Sector in Germany Use Cases Peter Deussen, Klaus-Peter Eckert, Linda Strick, Dorota Witaszek Fraunhofer Institute FOKUS
White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples
Special Publication 800-145 The NIST Definition of Cloud Computing Recommendations of the National Institute of Standards and Technology Peter Mell Timothy Grance NIST Special Publication 800-145 The NIST
Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating
The Hybrid Cloud: Bringing Cloud-Based IT Services to State Government October 4, 2009 Prepared By: Robert Woolley and David Fletcher Introduction Provisioning Information Technology (IT) services to enterprises
AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
JULY 29, 2013 AUDIT REPORT OFFICE OF AUDITS NASA S PROGRESS IN ADOPTING CLOUD-COMPUTING TECHNOLOGIES OFFICE OF INSPECTOR GENERAL National Aeronautics and Space Administration REPORT NO. IG-13-021 (ASSIGNMENT
JANUARY 2013 REPORT OF THE DEFENSE SCIENCE BOARD TASK FORCE ON Cyber Security and Reliability in a Digital Cloud JANUARY 2013 Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
From Science to Solutions Cloud Computing Cluster Introduction to Cloud Computing Rick Martin, Co-chair, Cloud Computing Cluster August 26, 2013 Senior IT Strategist SAIC What is Cloud Computing? Cloud
Your Place or Mine? In-House e-discovery Platform vs. Software as a Service Technology & Business Overview of Cloud Computing Janine Anthony Bowen, Esq. Jack Attorneys & Advisors www.jack-law.com Atlanta,
Cloud Service Level Agreement Standardisation Guidelines Brussels 24/06/2014 1 Table of Contents Preamble... 4 1. Principles for the development of Service Level Agreement Standards for Cloud Computing...
Cloud Computing Uncovered: A Research Landscape MOHAMMAD HAMDAQA AND LADAN TAHVILDARI Software Technologies Applied Research (STAR) Group, University of Waterloo, Waterloo, Ontario, Canada Abstract The
Supporting Public Service Reform Cloud Computing Strategy June 2012 The Programme for Government and the Public Service Reform Plan highlight Information and Communications Technologies (ICT) as key enablers
Capitals in the Clouds The Case for Cloud Computing in State Government Part I: Definitions and Principles State government is actively pursuing cloud computing as an innovation it can exploit in balancing
Office of the Chief Information Security Officer Centers for Medicare & Medicaid Services 7500 Security Boulevard Baltimore, Maryland 21244-1850 Risk Management Handbook Volume III Standard 3.2 FINAL Version
White Paper Secure Cloud Hosting: Best Practices Enterprise Messaging Solutions Infinite Convergence By Jagannath Rao & Pankaj Jaiswal April 2013 Contents Executive Summary... 3 Introduction to Cloud Service...
Kent State University s Cloud Strategy Table of Contents Item Page 1. From the CIO 3 2. Strategic Direction for Cloud Computing at Kent State 4 3. Cloud Computing at Kent State University 5 4. Methodology
Special Publication 800-146 Cloud Computing Synopsis and Recommendations Recommendations of the National Institute of Standards and Technology Lee Badger Tim Grance Robert Patt-Corner Jeff Voas NIST Special
WHITE PAPER IT Governance and the Emergence of Cloud Computing May 2011 IT governance and the emergence of cloud computing: using project and portfolio management to make effective cloud decisions Steven
WHITE PAPER An Introduction to Cloud Computing in the Federal Public Sector AUGUST 2010 2010 BY APPTIS, INC. ALL RIGHTS RESERVED. The intended audience of this document comprises senior technical executives,
RESPONSIVE ENTERPRISE COMPUTING SERVICES Cloud Solutions A Silver Lining for Intelligence Missions Salient Federal Solutions Proprietary Information For comments or questions regarding this white paper,