How cloudy is your cloud? The NIST offers a cloud standard

John Joyner warns fellow IT pros that either you eat the cloud or the cloud eats you! A new NIST cloud definition may help you evaluate and compare the cloud solutions that are likely to figure in to your IT future.

Undoubtedly the most used marketing phrases in the last year have involved cloud computing as a valuable feature of various software and services for sale. Some see this trend as "evolutionary" for IT, a natural next-step following the widespread adoption of virtualization and the profusion of high-speed bandwidth. Others view cloud computing as another word for host-based computing, in effect, a return full-circle to the fifty-year old model of input/output (I/O) devices connected to a shared mainframe. But this time, we have a wide variety of useful, even fun I/O devices like smartphones and tablets, and the connection to the shared cloud is wireless and fast!

Both schools of thought (evolution and full-circle) are true, as well as recognizing that the paradigms shifting (because of cloud computing) are natural and unstoppable phenomena — to be embraced or be sacrificed to. Start eating cloud or be eaten by it! This message in many forms is finding its way to all corners of the IT ecosystem. IT careers that don't involve the cloud are expected to have shorter lifetimes, much as the demand for on-site electric generator operators declined when central electrical utility service became available to manufacturing plants in the mid-19th century.

Whether you are framing an IT career, or more likely, contemplating building your own cloud(s), or comparing the cloud offering of one vendor to the competition, it's imperative that your decisions are based on reason and research. We don't want to invest based on fear, uncertainty, or the latest marketing pitch we heard on how well a particular vendor's cloud solution matches their definition of ‘the cloud'. What would help is a definition-based standard, to which you can compare a particular cloud-based opportunity or offering.

There is an independent scientific authority that has published a draft definition of cloud computing: the National Institute of Standards and Technology (NIST). By comparing the characteristics of a solution under evaluation to the vendor-neutral NIST cloud computing model, you can validate both (1) that the solution meets the minimum standards of architecture and workflow to be called a cloud solution and (2) just how "cloudy" the solution really is!

Taking the fog out of the cloud

The essence of the NIST cloud definition can be condensed to one sentence:

Private, Public or Hybrid clouds — featuring On Demand Self-Service, Broad Network Access, Rapid Elasticity, Resource Pooling, and Measured Service — deploy Infrastructure, Platform, or Software services.

If you apply this simple proof test against any particular system, you can more confidently assess its cloud-worthiness. Solutions that have all the essential characteristics, and are deployed with the appropriate cloud and service delivery models, will have the highest chance of success in the marketplace and in your business.

The NIST cloud definition shown in Figure A recognizes several types of cloud deployment models such as public and private clouds. This is the simplest part of the definition and logically refers to who owns and operates the components of the cloud, such as the datacenter. Note that a private cloud can be on-premise or off-site, and be managed by either your IT staff or outsourced to a service provider — what makes it a private cloud is that it exists to serve only one organization.

Figure A

Clouds have five (5) essential characteristics, regardless of deployment or service model.

Essential characteristics of cloud service models

Regardless of the type of cloud deployment model used, a cloud solution needs to deliver value based on one of three recognized service models: Infrastructure, Platform, or Software as a Service (IaaS, PaaS, or SaaS). These models make clear the demarcation line of responsibility for various components between the cloud provider and the user. The user has the most involvement in the IaaS model, and the least in the SaaS model.

  • In the SaaS model, the user just consumes software, just as running a web-mail client. Anyone using Google's Gmail or Microsoft's Hotmail can understand SaaS.
  • In the IaaS model, the user needs to assemble and maintain the cloud-hosted infrastructure components such as virtual machines, storage pools, and firewalls, sometimes called the cloud fabric. Amazon Web Service (AWS) and Rackspace are leading providers of this model today.
  • The intermediate model, PaaS, lets users deploy their application on a cloud provider platform without managing the infrastructure. Microsoft's Windows Azure is an attractive PaaS platform for someone looking for a globally accessible, highly-available delivery infrastructure to run their application on.

Once you are clear on the cloud deployment and service models employed by a given solution, the acid test is whether the cloud exhibits all the essential characteristics defined by the NIST:

  • On-Demand Self Service: Users provision capabilities as needed and/or automatically, without human interaction by a service provider.
  • Broad Network Access: Standard network/Internet access mechanisms promote location-independent use by diverse platforms such as smartphones.
  • Resource Pooling: The service provider hosts compute, network, and storage resources in a model that supports multi-tenancy, with dynamic assignment and reassignment of resources according to demand.
  • Rapid Elasticity: Rapid scale out and scale back of resources; from the user's point of view, there are unlimited resources that are paid for based on the quantities actually consumed.
  • Measured Service: Resources are optimized and controlled with a metering capability, with transparent reports on consumption shared with the user.

Using the NIST cloud definition

As I mentioned in the beginning of the article, there are known to be many different visions of what cloud computing is or can become. Often these visions are influenced by individuals and organizations that have a lot of investment in a particular component of the cloud ecosystem, such as virtualization or networking. Someone trying to sell a cloud solution should be able to confidently and simply describe the deployment and service model for it, as well as match up the solution's features to the essential characteristics of the NIST cloud definition.

You might consider avoiding proposed cloud solutions with murky or unclear deployment or service models, as well as those missing one or more essential characteristics. Cloud solutions that pass the definition test can be evaluated fairly on their price-performance value. Figure A lists in the lower section "Common Characteristics" (not part of the NIST essential definition) additional qualities that can help you prioritize what cloud features are important to your organization.


John Joyner, MCSE, CMSP, MVP Cloud and Datacenter Management, is senior architect at ClearPointe, a cloud provider of systems management services. He is co-author of the "System Center Operations Manager: Unleashed" book series from Sams Publishing, ...

Editor's Picks