• Cloud Computing Publications
• Cloud Computing for Business
• What is Cloud?
• Why Cloud?
• Establishing your Cloud Vision
• Buying Cloud Services
• Understanding Cloud Risk
• Building ROI from Cloud Computing
• The Challenge
• Cloud Computing in Use
• Glossary
• Printed Edition
• Referenced Documents
• Acknowledgements
• Legal
• Maximizing the Value of Cloud for Small-Medium Enterprises
• The Open Group Cloud Ecosystem Reference Model
• Cloud Computing Portability and Interoperability
• Cloud Computing Governance Framework
• Building Return on Investment from Cloud Computing
• Cloud Computing White Papers

---

Open Platform 3.0^™ Publications

The Cloud Computing Work Group

Open Platform 3.0^™ Home

Cloud Computing for Business – What is Cloud?

 

Cloud computing is the latest major evolution in computing. It is a paradigm where computing resources are available when needed, and you pay for their use in much the same way as for household utilities. Just as water is piped to your home and you pay for as much or as little as you use, cloud computing resources are available whenever needed and charges are based on how much you use them. When you turn it off, the water that you would have used is available for use by others and, in the same way, shared cloud resources can be used by others when not used by you.

Widespread cloud computing is made possible by the Internet, and this is the most common way of accessing cloud resources. Intranets and dedicated networks are sometimes used too, in the case of a private cloud, for example.

In an enterprise that has complex and expensive IT systems to support its business processes, who would not be attracted by the idea of just being able to pay on-demand for someone else to provide IT services without being concerned with the details of how it is done? Who would not welcome having several potential IT service suppliers, giving a competitive choice? Perhaps you no longer need an internal IT department, a business within your business of people who aren't core to your products and services. You can stop worrying about hiring and retaining a workforce with IT skills that are in short supply and therefore at a premium. And you can escape from the confines of application upgrades and hardware obsolescence.

Put like this, it all sounds so simple. But what does “cloud computing” really mean?

This chapter:

• Takes a look at the leading consensus definition of cloud computing, from the US National Institute of Standards and Technology (NIST), and explains its concepts
• Summarizes the key differences between cloud computing and traditional IT
• Describes how cloud computing is used, and how it impacts providers and consumers of cloud services and of added services implemented using the cloud
• Describes the impact of cloud computing on business

It will give you an insight into the potential for cloud computing to transform business. The next chapter (Chapter 2) explains the different reasons why enterprises are using the cloud, or providing cloud services. The subsequent chapters will help you to understand more specifically how cloud computing can benefit your business.

NIST Definition of Cloud Computing

The definition of cloud computing provided by NIST has gained significant traction within the IT industry. According to this definition (see [NIST]):

“Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.”

A note to the definition says that:

“Cloud computing is still an evolving paradigm. Its definitions, use-cases, underlying technologies, issues, risks, and benefits will be refined in a spirited debate by the public and private sectors. These definitions, attributes, and characteristics will evolve and change over time.”

This is undoubtedly true. Nevertheless, at this point in time, the NIST definition is widely accepted and is increasingly regarded as authoritative.

Cloud computing is often confused with other similar computing paradigms. Examples of common computing models that are not cloud computing are: peer-to-peer networks, Service-Oriented Architecture (SOA), grid computing (for example, the SETI@home project), and network asset sharing (networked printers, NAS disk drives, etc.).

The basic cloud computing model is shown below. Servers, storage, applications, and services are accessed via a common network. They are shared between organizations, and accessed by users or applications. The users may be members of the organizations working on-premise, remote workers, customers, or members of the general public.

Basic Cloud Computing Model

Cloud computing resources can be rapidly provisioned and released with minimal management effort or service provider interaction. This means that an organization can use more or fewer servers, stores, applications, or services, and can configure the ones it uses to meet its requirements, as and when it wishes to do so, and without major effort.

Cloud computing has five essential characteristics. They are on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. These are the features that distinguish it from other computing models.

It has three service models. These are the basic kinds of service that cloud service providers provide. They are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

It has four deployment models, corresponding to different ways in which cloud resources are owned and operated. They are Private Cloud, Public Cloud, Community Cloud, and Hybrid Cloud.

Essential Characteristics

The five essential characteristics of the NIST definition are shown below and described in the following sections. The definitions of the characteristics in these sections are all taken from the NIST definition.

The Essential Characteristics of Cloud Computing

On-Demand Self-Service

“A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service’s provider.”

Consumers must be able to obtain cloud services – at the infrastructure, platform, or application level – whenever they want, without requiring significant assistance.

Often, these services must be paid for. The buyer can typically set up an account with the seller, establish security and billing credentials, and then select and schedule the use of the cloud computing resources on sale. This is generally done using an easily accessible and user-friendly online system. In the case of IaaS, for example, this might enable the user to start virtual machines, assign network addresses, and allocate storage.

In some situations, particularly with private cloud, payment is not needed. The service provider will still give the consumer the ability to configure resources and schedule their use.

For the provider, on-demand self-service requires that procurement, account management, service instantiation, security control, service management, metering, billing and payment mechanisms are established. These mechanisms will interface with operational systems so that services are created, started, run, and stopped in accordance with the consumer's instructions. Use of a service by a consumer might last only for minutes, or for weeks, months, or years.

Although the concept of cloud computing gives the illusion of infinite resource, clearly this in reality does not exist, and most certainly does not exist for all consumers at the same point in time. How well providers are able to forecast demand, and how efficient they are at provisioning their services, are fundamental to their ability to meet consumer expectations and service levels.

Providers typically set usage limits in line with their ability to provision resources and with a buyer’s credit worthiness. They may determine that usage requests that require a large amount of application or infrastructure resource, or that cost more than a set amount, are subject to minimum notice, pre-reservations, or additional financial vetting. Various means may be used to help preserve service levels, such as offering reduced prices for advance purchases or for buyers who are willing to endure service interruptions or reduced performance in the event of resource constraint.

Broad Network Access

“Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).”

Network access is needed to establish the initial provider/consumer relationship, for subsequent use of the cloud services themselves, and for use of added services that the consumer may implement using the cloud services. For example, a company might use cloud services to implement a web site to give its customers product information. That company needs network access to purchase and configure the cloud services, and to manage and operate its web site, and its customers need network access to use the web site.

The user of a cloud service or added service might have a PC or a device such as a tablet, a PDA, or a mobile phone. These could have browsers or be browser-less devices. Or the cloud services could be integrated into a consumer enterprise’s IT architecture, with access from large and sophisticated computer systems.

The cloud services must be accessible through standardized mechanisms. This introduces an important consideration for all cloud implementations – the use of standards. Without adherence to standards throughout the technology stack, from the network level up to the client access and presentation level, accessibility from such a variety of devices and applications would inevitably be reduced and broad network access would not be achievable. Use of standards is fundamental to this.

Commercial companies generally want maximum market access. The greater the accessibility of their services, the greater is the potential for sales. The broad network access characteristic of cloud computing means that a company can implement added services that can be successfully used by anyone, anywhere on the globe, using a variety of devices.

Resource Pooling

“The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location-independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or data center). Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.”

A traditional IT model is generally centered on the provision of IT services for one enterprise. Because they can assign pooled resources dynamically to meet demand, cloud service providers can maintain maximum service levels with minimum resources. For consumers, this means high QoS at low cost. It is a major reason why cloud computing, unlike other initiatives, is expected to succeed.

Having consumers from different industry segments and countries can help significantly. Industries and countries have varying usage patterns because of climate and cultural differences. When resources are shared, the patterns are combined, with usage peaks in one industry or country coming at the same time as periods of lower use in others.

Computing resources may be shared at the infrastructure, platform, or application level. Most cloud computing users share infrastructure and possibly platforms. That said, sharing platforms and applications does not necessarily mean users sharing instances of operating systems and applications programs. From an application standpoint, enabling sharing could require extensive and fundamental re-architecting of the software. This may not be worth doing, given that the key benefit of efficient resource use can be obtained just by pooling infrastructure and platform resources.

Efficient resource use is one side of the resource-pooling coin; multi-tenancy is the other.

Multi-tenancy means that a single instance of a computing resource serves multiple client organizations (the tenants) providing a separate environment for each. Examples of resources include instances of infrastructure, platform, software, and application.

Multi-tenancy tenant isolation often relates to fault isolation, resource isolation, and security isolation. These capabilities enable tenants to have secure, available environments regardless of other tenant behavior.

How multi-tenancy is enabled depends on the service model. In the case of IaaS, multi-tenancy of the infrastructure is enabled by the virtualization of the infrastructure resources. For PaaS, multi-tenancy of a platform is enabled by the platform software providing separate environments for its user organizations. In this sense, a multi-user operating system can be regarded as multi-tenant by definition. For SaaS, multi-tenancy of a software application depends on the application being designed to partition its configuration and data for the client organizations. Most of today’s applications are designed for a single tenant, and cannot be changed to multi-tenant operation without significant re-architecting.

From the user’s point of view, it can be hard to distinguish a multi-tenant application from a single-tenant application running on a multi-tenant platform, or to distinguish a multi-tenant platform from a single-tenant platform running on multi-tenant infrastructure.

Each consumer must consider whether there is any impact from sharing with other, unknown consumers. It may be hard to establish the degree to which sharing takes place, and impossible to discover who the other consumers are. Providers give varying amounts of information about their systems, which may include very specific product configurations and bespoke enhancements to standard products. They may offer guarantees of service and security levels, or provide very little by way of assurance. You must assess the risks and make your own judgment.

The concept of resource pooling includes location-independence. For providers, having resources in convenient locations means lower costs. Having them in diverse locations means that services can be maintained in the event of loss of a data center, of power, or of network connectivity. Again, this translates to higher quality and lower cost for consumers.

As far as their use of the services is concerned, consumers have no need to know what the underlying resources are, or where they are located. But there are other reasons – such as data security, compliance with regulations, and performance in accessing data – why location may become highly relevant. Because of this, providers may give a choice of location, at least to the extent of continent or country, or may say where they operate.

For SaaS there may be certain levels of protection effectively built into the application service, by routine back-ups and multi-data center and even multi-country hosting. For PaaS and IaaS, while the possibility to construct such resilience may exist, the consumer will probably have to select and configure the individual components required, assign geographically dispersed servers to construct failover configurations, and copy the data, much as for in-house IT solutions.

How a provider’s resources are distributed geographically, the amount of protection against various disaster scenarios that this provides, and the legal issues associated with keeping data in the countries concerned, will be matters of detail for the consumer to investigate. See the discussion of Establishing Requirements for more on the legal issues.

Rapid Elasticity

“Capabilities can be rapidly and elastically provisioned, in some cases automatically, to quickly scale out and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.”

One of the key benefits of cloud computing is the ability to have a flexible computing service which can expand or contract in line with business demand, giving you capacity which would be impossible to generate from an in-house implementation without significant investment in resources.

Elasticity has three major features:

• Linear scaling

  The service can scale, independent of the number of users or workload size (subject to operating condition limits). The performance experience for one of a thousand users is the same as for a single user. This is not the case for most traditional systems, which have non-linear scalability rather than elasticity.

• On-demand utilization

  Allocation of virtual resources follows the demand profile exactly, so that the user appears to have 100% utilization of the service.

• Pay-as-you-go

  Payment for IT resources is on a per-use basis using an OPEX style charging principle. This means that the asset ownership is with the service provider, and the user pays for consumption of the service on the basis of the resource units consumed. Typically, a cloud service has logical units of resource defined by the service provider based on a standard configuration.

Resource pooling helps providers to achieve elasticity. A resource that is no longer needed by one consumer can be allocated to another consumer that needs more resources.

Consumers must understand how elasticity is provided and how different usage levels are priced, in order to exploit this characteristic to best advantage. Pricing can be complex, and can vary widely between suppliers. Use of applications that provide the same function may be charged by transaction, by number of users, by data quantity, or by infrastructure consumed. Pricing of infrastructure resources may take into account factors such as virtual machine size, memory and disc size, and network usage.

For SaaS, this may be relatively simple, with charging based upon real transaction or user utilization. The consumer does not need to worry about resource configuration, and probably has no ability to change it anyway.

With PaaS or IaaS, the consumer may need to design an effective application and infrastructure solution to exploit rapid elasticity. For example, IaaS providers let you schedule and run as many virtual servers as you wish; it is for you to determine how many are required to host your application. You may need to perform your own monitoring of capacity and utilization to ensure that excess virtual servers are stopped when not required and additional ones are started when demand rises.

For organizations selling cloud computing services, the challenge is to attract and retain buyers, and to do so while making a healthy profit. Forecasting how many buyers will buy how much and when is analogous to customer-demand forecasting by utility companies; it is radically different from the same exercise undertaken within a single organization with established patterns of business activity. Over-capacity will cost in respect to infrastructure and applications deployed but not sold; under-capacity may lose customers and thereby revenue. Sellers can mitigate some of the issues by using tactics such as buyer behavior analysis and flexible purchasing arrangements with hardware and software vendors.

Measured Service

“Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported providing transparency for both the provider and consumer of the utilized service.”

If services are to be charged on a per-use basis, it is immediately obvious that usage must somehow be measured. Consumers require sufficient measurements from their cloud computing service providers to enable them to make purchasing and operational judgments. First, they want to select the optimum service to meet their needs. Then, they want to know whether it is performing in accordance with their SLAs, and whether their use of it is as expected.

Sellers of cloud services must provide sufficient information about their charging regimes up-front to allow purchasers to make informed choices. On an ongoing basis, they must provide accurate accounting information to support their bills, and give sufficient usage information to allow solutions to be managed operationally.

Consumers may wish to use this information in systems management and financial accounting applications. They may wish to aggregate or sub-divide it if they in turn provide services to other organizations. The information must be in an appropriate form to allow for this.

Usage of different components may need to be measured separately. In IaaS, charges are often calculated for storage occupied, network data transfers, IP addresses, virtual servers, etc. Each of these components will require measurement to ascertain number, size, quantity, and usage over time as appropriate to the charging regimes in place. Similar measures will be required for PaaS. Measures for SaaS might include per-user and per-software-function values, which might in turn be calculated from measures of infrastructure occupancy.

Service Models

NIST defines three service models. They parallel the layers of a traditional computing environment. They are illustrated in the figure below and described in the following sections.

Cloud Service Models

Cloud Infrastructure as a Service (IaaS)

“The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls).”

Instead of owning, managing, and operating your own computer hardware, you can use computers that someone else owns, manages, and operates.

Computer leasing and outsourcing became popular back in the early days of computing with companies that wanted to use computers but didn’t want to bear the capital cost of owning them or to have the hassle of operating them. Since then, two technical developments have made possible IaaS as we have it today, providing the same benefits but in radically improved form: the Internet and virtualization.

The availability of high-bandwidth data communications over the Internet makes it almost as easy to use a computer in a different continent as one on your own premises. This eliminates any problems with having operations staff from other companies onsite, and means that the company running your computers can organize itself efficiently on its own premises, taking advantage of locations where staff costs and operating costs are low.

Virtualization is a technique by which what appears to be a single computer or storage module is in fact not implemented as a single physical resource but uses part of the capacity of one or more physical resources. When you use an IaaS “machine” or “storage block”, it is very unlikely that you will have a dedicated computer or disc drive.

There are a number of virtualization techniques and products that enable this. These have been developed as a result of commercial research and academic studies at leading institutions including the Cambridge University Computer Laboratory in the UK, the Center for Research on Computation and Society School for Engineering and Applied Sciences at Harvard University, the University of California Santa Barbara, the University of Berkley RAD Laboratory, and the Massachusetts Institute of Technology (MIT).

Generally, in these products, a hypervisor (consisting of a program possibly supported by special-purpose virtualization hardware) presents virtual hardware resources to the guest operating systems, allowing industry standard servers and their attached network and storage to function as unified resource pools. Thus, a number of physical resources are collected together and, through a single hypervisor interface, are presented as a collection of virtual machines, on which the guest operating systems run. The hypervisor also monitors the execution of the virtual machines on the physical resources, and provides configuration and management capabilities. An example is the Eucalyptus open source cloud computing infrastructure [EUCALYPTUS].

It is these virtualization techniques that make effective resource pooling and elasticity possible for IaaS.

Cloud Platform as a Service (PaaS)

“The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations.”

You can pass to a service provider the burden of owning, managing, and operating systems software, as well as the hardware itself.

The kind of “as a service” determines the division of responsibility between consumer and provider. The PaaS definition implies that the service provider is responsible for run-time monitoring and management. (The consumer defines configurations, but it is then up to the provider to follow them.) This requires middleware. Furthermore, there has to be a deployment mechanism for applications as part of PaaS. PaaS providers typically have Linux or Windows operating systems for their customers to use, often with SQL databases and support for standard programming languages such as Java. They can also provide middleware and web-hosting platforms with servlet containers and support for server-side scripting languages such as PHP.

Cloud Software as a Service (SaaS)

“The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.”

In addition to applications accessed by browsers, there are cloud services accessed by browser-less devices. Cloud applications for mobile devices constitute a growing and popular market.

Ultimately, you can let the service providers run all of your software. You may need different applications from different vendors. In that case, you may have to worry about integration.

An increasing range of applications is available on the cloud, from storage and exchange of personal information on social networking sites, to office applications, and business applications such as product quality management.

Deployment Models

NIST defines four deployment models: private cloud, public cloud, community cloud, and hybrid cloud.

Private Cloud

“The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on-premise or off-premise.”

A private cloud where the infrastructure is operated and managed by a third party is sometimes called a virtual private cloud, particularly where the third party is a public cloud provider that dedicates a part of its cloud infrastructure to public use and part to private use.

Private cloud gives an organization the benefits of cloud computing, without the restrictions of network bandwidth, security exposures, and legal issues that using external resources might entail. It can also have better security, accountability, and resilience than public cloud, because use can be controlled and managed.

The cost of private cloud can be borne by the organization as a whole, rather than by individual users. Not having to pay or account for resources consumed can make using the cloud simpler and easier.

An “organization” can represent anything from an individual to a large commercial corporation or government department. Private cloud can be especially useful for larger enterprises, because they can gain greater economies from shared use of pooled resources. Also, at least at present, the cost of designing and implementing a private cloud may be prohibitive for a small organization. (This is likely to change as more vendors offer private cloud as off-the-shelf products.)

The advantages of private cloud should be balanced against possible disadvantages. Some things to consider are:

• Capital investment: Significant capital investment is required for the parent organization. Unless there is senior sponsorship in the company and a robust business case (or an appetite for upfront investment), this can be enough to stall the activity.
• Time-to-market: Most companies will take 6-36 months to establish a usable private cloud. Those that take less time usually forget key requirements such as auto-provisioning, governance, chargeback, monitoring, and adequate service operations. Significant time can be added if high availability is required, as anything above 99.9% usually requires creation of more than one location for the data center.
• Technology: An organization needs to make important decisions such as buying best-of-breed point technology solutions, and this inevitably means significant integration work or buying a single-vendor solution, which might not be best fit in all areas.
• Learning curve: Cloud vendors have learned some very valuable lessons, which even strong technology companies will not be able to bake into their solutions. They are also very unwilling to share best practices with others.

Public Cloud

“The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.”

“Public” does not mean “free”. Public cloud providers may offer some services free-of-charge, but in general they charge enough on average to at least cover their costs.

Also, “public” does not mean that user data is visible to the public at large. Cloud providers implement security mechanisms to control access to data.

The main benefit of using a public cloud, as opposed to creating a private cloud, is easy and inexpensive set-up. The provider has done the work needed to create the cloud; the consumer just needs to do an additional amount to configure the resources to be used. The consumer also benefits from the economies of sharing resources with other consumers (though multi-tenancy may have a downside too).

Community Cloud

“The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be managed by the organizations or a third party and may exist on-premise or off-premise.”

Community cloud, as defined here, has similarities to both private and public cloud. Like private cloud, it can avoid network bandwidth, security exposures, and legal issues that arise from using external resources, and its use can be controlled and managed. Like public cloud, it makes set-up easy for individual organizations, and it provides more efficient use of pooled resources for the whole community than any of its members could achieve individually.

While the burden of creating and managing the cloud is lifted from the shoulders of each member organization, this has to be done by the community as a whole. Charging mechanisms and governance procedures must be established to enable this.

Case 24: Virtual Learning in Cloud Computing in Use provides an example of community cloud.

Note that social networking and similar services do not really satisfy this definition. Here, the infrastructure is owned by a single organization and shared by a community of end users. This is classed as public cloud.

Hybrid Cloud

“The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).”

A hybrid cloud may be coordinated by a broker that federates data, identity, security, and other details.

Another scenario is that an enterprise has a private cloud but also uses a public cloud, perhaps for particular applications, or perhaps as a back-up or to handle peaks of load. In this model users typically host non-business-critical information and processing in the public cloud, while keeping business-critical services and data in their control in the private part of the hybrid.

Extending the NIST Model to Business Processes

The phrase “as a Service” has become something of a buzzword. We hear of such things as Storage as a Service, Information as a Service, and Integration as a Service. In many cases, these are sub-categories of the three NIST service models, IaaS, PaaS, and SaaS.

There is, however, one area in which the cloud community is talking about a major extension: the provision of cloud services that carry out business processes, such as payroll, CRM, billing, HR, order taking, and information delivery. This is a new service model: Business Process-as-a-Service (BPaaS). It is differentiated from SaaS because it includes services partly performed by people, not just by applications software.

In this model, the consumer has the ability to use the provider-defined business processes running on cloud services. The business processes interact with various client devices through lightweight interfaces such as a web browser or email. The consumer does not manage or control the underlying cloud platform and infrastructure, including network, servers, operating systems, storage, and BPM platform. Nor does the consumer manage or control individual business processes and underlying application capabilities, with the possible exception of limited consumer-specific process configuration settings.

While BPaaS is potentially a very significant development, this Guide focuses on the original cloud service models of IaaS, PaaS, and SaaS.

Comparison with Traditional Environments

The key practical differences between traditional computing environments and cloud computing are shown below.

Practical Differences between Cloud Computing and Traditional Environments

Characteristic	Cloud Computing	Traditional	Comments
Time before service can be accessed	Minutes/Hours	Days/Weeks	Once the cloud computing environment is set up initially, you can gain access faster than in traditional environments where lead time is needed for installation, set-up, and configuration.
Capital Expenditure (CAPEX)	Pay-as-you-go, Variable	Upfront cost, Fixed	The pay-as-you-go model for cloud computing reduces or eliminates the large upfront costs incurred in procuring hardware and software and standing up traditional environments.
Economies of scale	Yes, for all organizations	For large organizations only	Cloud computing not only provides cost advantages in procurement of hardware and software, it also provides cost advantages from improved productivity. Traditionally, lessons learned from one environment must be duplicated in other environments but, with cloud computing, once the best practices are applied they benefit all consumers.
Multi-tenancy	Yes	Generally no, but can be found in application hosting	Multi-tenancy properly applied to cloud computing services allows providers to host multiple consumers effectively across shared resources. While it is more readily enabled in IaaS through the use of virtualization, PaaS and SaaS providers may need to undertake significant re-architecting of their platforms or applications to apply multi-tenancy to these elements as well as to infrastructure. Where this has not been undertaken, consumers may find that their platforms and applications are not as elastic or cost-effective as anticipated.
Scalability	Elastic and Automatic	Manual	Cloud computing resources can often be scaled up or down automatically, whereas human intervention is usually needed to add hardware and software in traditional environments.
Virtualized	Usually	Sometimes	Cloud computing environments are usually virtualized, whereas traditional environments include a mix of physical and virtualized infrastructure.

Providing and Using Cloud Services

Cloud computing is about the provision of services. A service has a provider and a consumer. It exposes capabilities that the provider has that are of value to the consumer. For cloud services, these capabilities are those of:

• Owning and operating computer hardware (IaaS)
• Owning and operating computer hardware and systems software (PaaS)
• Owning and operating computer hardware, systems software, and software applications (SaaS)

In many cases, an organization uses cloud services in order to provide added services to the people and organizations that it deals with. This is obviously the case when a company buys IaaS or PaaS from a cloud provider and runs a software application on top of it. The cloud service consumer develops the added service and provides it for the benefit of end users. It is also the case when a company buys SaaS from a cloud provider and uses that service to support its business operations. And it is the case when an enterprise’s IT department uses the cloud to provide the services needed by other departments. Using the cloud to provide added services means that those services must be developed on, or ported to, the cloud.

In other cases, for example, when a company uses an SaaS CRM solution, organizations and individuals simply use cloud services and added services to support their business and leisure activities. This has many benefits, but there are some pitfalls to avoid.

Providing Cloud Services

The provider of a cloud service has control over a set of resources, and makes them available to consumers of the service, in a way that has the essential characteristics of cloud computing.

Providing Cloud Services

The resources may include processors, data stores, system programs, application programs, and networks. They may be owned or leased by the provider and be on the provider’s premises, or the provider may have control of them through a contract with another cloud service provider.

The resources are made available to consumers under a contract. For large-scale use, this may take the form of a signed legal document. In other cases, the consumer typically checks a box on a web form. The provider agrees to provide the service, under certain conditions. The consumer agrees to accept the conditions when using the service and, in many cases, to pay for the service.

On-demand self-service requires something at the point of interaction between the consumer of a cloud computing service and the provider to enable the service to be contracted for and instantiated with minimal effort and interaction between these two parties. The typical means for this is a web site that enables the consumer to:

• Sign up to the cloud service
• Access billing and payment information and mechanisms
• Access administrative capabilities, particularly for security and identity management
• Operate the cloud service – adding, running, stopping, modifying, and removing resources as required

This web site is used to establish a provider/consumer relationship and contract. It is not used for the subsequent consumption of added services by end users. For example, if a company runs a web site using resources from a cloud service provider, visitors to the web site may have no idea that it was provided through use of cloud computing infrastructure, and would not interact directly with the cloud service provider.

Beyond the essential capabilities to allow a cloud computing resource to be purchased and run, additional capabilities may be present to provide other functions common within IT operation, such as monitoring, reporting, SLA management, error reporting, and bug fixing.

Providing Added Services

The consumer of a cloud service may use it to provide an added service, as shown below. The added service is used by the customers of the provider of the added service, not by the provider itself.

Providing Added Services

The provider of added services contracts with cloud providers to obtain use of the resources that they control. The added services may in turn be cloud services. For example, an SaaS provider might use resources from a PaaS provider. Generally, the added services are software services, but they do not necessarily have the essential cloud computing characteristics. For example, they may not be available through on-demand self-service, or they may not be elastic.

Many companies, for example, use cloud services to implement web sites, and deliver added services such as product ordering through those web sites. The end users use the web sites in the normal way; there is no possibility of an end user increasing or decreasing web site capacity (as would be possible with a cloud service), or any need for this. For these added service providers, the cloud is simply a convenient way of obtaining computing resources to support their business activities.

Developing Added Services

Before an added service can be provided, it must be developed, or ported to the cloud from in-house systems or elsewhere. For the developer, the use of cloud services will require care:

• Thought and effort are needed to make best use of its characteristics to obtain maximum benefit.
• The contractual terms and their implications for non-functional requirements must be well understood.
• It is often necessary to integrate the added services that use the cloud with existing traditional in-house IT services.
• There are differences between the development facilities used in a cloud environment and those of a typical in-house IT department.
• There are areas where the developer is dependent on the cloud provider, and must allow for provider actions that he or she cannot control.

Developing for consistent performance will require different architectural approaches to those typically employed for in-house IT environments, where fixed resources are often provisioned for individual applications and services. Developed solutions may need to interact with the provider’s scheduling and resource provisioning services to add or remove resources. The means of engaging with different providers may be radically different.

If services are to be able to respond to demand and meet their requirements for availability, then the demand must be monitored and resources scheduled to satisfy it. Developers should be looking to exploit cloud computing characteristics to manage volatility, scheduling resources in response to demand to maintain service levels, but avoiding over-capacity. For service availability, applications may be hosted upon multiple clustered servers, and mechanisms must be provided for back-up and recovery of data. Facilities may need to be developed for monitoring, alerting, and scheduling of maintenance operations. Developers will rely upon the presence of service metrics to enable effective management of resources.

Also, the developer must cater for the different pricing models of different providers. For one model, it may be necessary to avoid excessive interaction between servers because these entail high network charges; for another, this may not be a problem, but there could be high costs associated with end-user interaction.

An in-house IT department usually has established procedures for providing help, fault reporting, bug fixing, setting up development environments, testing, and cutting over to live service. Completely different methods, tools, and procedures will in all likelihood be required when developing upon a cloud computing service, whether this is IaaS, PaaS, or SaaS. The whole service development and management lifecycle may be impacted.

Effective development requires that developers understand and exploit the platform upon which they are developing. As with any new development platform, they will need time to learn how to use cloud development facilities. Support by cloud providers for standard development platforms such as Eclipse (see [ECLIPSE]) helps to overcome this problem.

The nature of cloud will be more suited to the exploitation of offshore development resources which many companies are leaning towards, as these are generally geared for a global marketplace.

Developing at a distance may have unforeseen impacts upon the ability to load and extract test data and to migrate live data from existing systems. This may be a concern if an application needs to store or retrieve significant quantities of data and these are dispersed around the globe.

When what you use is metered and you pay for it, the amount of use becomes a major concern. Developers’ use of cloud resources may need to be monitored. For example, storing excess copies of data in an on-premise development is merely a maintenance and management inconvenience, but in a cloud computing development this will cost money.

Developers working in an in-house IT environment are often able to dictate product choices, including versions and configuration parameters. In a cloud computing environment, many of these choices may be restricted by the provider. Changes to the environment such as product version upgrades are likely to take place at the provider's discretion, irrespective of the lifecycle stage of the developer. This could mean significant re-work or re-testing. With IaaS, developers may still have significant control over product and platform choices, but they will have little or no control with PaaS or SaaS.

Fault reporting, bug fixing, and change control for a cloud service will be carried out by the provider. Developers depend on the provider performing these processes effectively.

The relationship of a developer to the cloud computing service provider is different from that of a developer to an internal IT department service provider. The developer has much less ability to influence the provider, but is still dependent on the provider in many ways; for example, in support of fixing problems.

Testing, including functional, performance, and security testing, will be more challenging with cloud service providers, given the relatively closed environment that they generally provide. With SaaS, some testing may need to be done in the production environment.

Quality of the development environment is an important consideration. It should be taken into account when procuring cloud services. In some cases, it may be more important than the quality and cost of the cloud services themselves. A cheap and powerful deployment environment may not make up for increased application programming costs.

Using Cloud Services

An end-user organization, its customers, and other people that interact with it see the cloud software services, rather than the servers or storage. Those services may be provided by the cloud provider, or by added service providers. There may be several clouds, several cloud providers, and several added service providers.

Using Cloud Services

If you are a consumer, the ability to connect to and use a service with a device of your choice, from a location of your choice, and using a network connection of your choice may be a significant factor in choosing your provider. The greater the limitations placed upon service access and consumption, such as the use of a particular web browser or web browser version, the more difficult, restrictive, and therefore less valuable the service.

Users of multiple services from different providers may find themselves the victims of conflicting demands. For example, if two services require different browser clients, the user may not be able to accommodate both.

For enterprises with established in-house IT, integrating cloud services with existing systems and service management tools is important, and may not be easy. Enhancing management systems to accommodate cloud services may require significant work. The lack of standards in this area will be an ongoing obstacle for integration of service management functions. Facilities that are routinely taken as given in on-premise developments, including major non-functional facilities such as authentication and single sign-on, may need enhancement to work with cloud services.

Although managing the complexity of client access software and backend application versions is nothing new to those used to the traditional IT environment of enterprises today, dependence on services from a cloud service provider can bring new difficulties. Established software management and version control polices will no longer apply. Governance practices will also have to adapt. It will no longer be possible to schedule upgrades and changes when required, avoiding key business processing events. Understanding providers’ policies for change notification and customer service is critical.

Having different providers for different applications can be a problem, however. It is too easy for them to be “information silos”, so that you do not have integrated access to information across your enterprise. SaaS provides many benefits to its customers, but also provides challenges. These could be major commercial opportunities for systems integrators – and corresponding costs for user enterprises.

There could be integration difficulties at infrastructure and platform levels as well as the application level. Like quality of the development environment, the ability to integrate a cloud provider’s services with those of other cloud providers and with those of in-house IT departments is an important consideration that should be taken into account when procuring cloud services.

The Impact of Cloud Computing

Most people that have water on tap take it for granted. Few have ever had to go to a well or communal standpipe for their water, or know what it is like to have to do this every day. Having water on tap brings a higher quality of life. Freed from the need to devote time and effort to basic but necessary tasks, people can do things that they want to do, that make their life better. In the same way, cloud computing frees enterprises from the need to devote time and effort to operating and managing their IT, and enables them to focus on their core activities.

The knock-on effects on the wider economy are huge, and very beneficial. As businesses become more effective at what they do, they have capacity to do more. The whole economy grows. Municipal water is an essential pre-requisite for a civilized society today. In the same way, cloud computing will be essential for the civilized societies of the future.

New Business Paradigm

The evolution of business and IT assets and operations is a continuous process. Today, many factors are involved beyond the disruptions caused by technology developments.

Economic, environmental, and global activities shape regional markets, products, and services in many industry sectors. Government legislation and investment priorities drive standards and commercial behaviors. The Internet, mass media, and collaboration create new access channels that enable market developments hitherto constrained by geography and performance limitations.

Cloud computing provides a new business paradigm for resources. It enables organizations to create and use IT and business services on-demand from optimal sources to maximize utilization and cost-effectiveness. This can be between enterprises or within a single enterprise.

In a business environment, the business processes are how work gets done. They are supported by applications that manage information content and perform transactions. These are in turn supported by a platform and infrastructure that provide storage, processing, and communications. Cloud computing enables businesses to create and use services on-demand, through cloud SaaS, PaaS, and IaaS. Examples of such services include business services, application software services, integration and development services, and infrastructure services. The applications, platform, and infrastructure thus can be replaced by cloud services, as shown below.

Use of Cloud Services to Support Business Processes

The cloud services that support the business processes can be inside the organization, in an internal private cloud, or outside it, in a public cloud or virtual private cloud, as illustrated in the figure below. Or they can be in a hybrid cloud, a combination of public and private clouds.

Internal and External Cloud Services

Cloud computing enables businesses to think and act beyond the “four walls” of the company through exchange of services. They can access marketplace best practice solutions, and select effective IT services from multiple sources to meet their needs faster and at lower cost.

Cloud Ecosystems

An ecosystem exists where participants in a defined market have integrated business processes and use common standards for exchange of information, products, and services.

Business Ecosystem

In today's world, companies are participating in highly collaborative ecosystems providing their specific expertise to create end-to-end services. This will become more important in the future.

SOA and Web 2.0 were milestone developments in the IT industry, while Business Process Management (BPM) has been a major step toward standardized business services automation. With cloud computing, standards and technological developments come together to create an environment in which integrated business processes are supported by software services performed within and between enterprises.

Cloud Ecosystem

In such an ecosystem, providers and consumers of cloud services participate in common business processes. We have become used to the cloud as a means of sharing information; it is now commonplace, for example, for people to share photographs using social network websites. In cloud-based business systems, this is taken to a new dimension; the cloud becomes a means by which enterprises can share business logic.

Cloud ecosystems foster standards-based business exchanges between participating enterprises. This encourages optimization of the products and services available in the ecosystem’s marketplace.

Cloud computing enables providers and consumers of products and services to interact much more easily, because they are freed from the drudgery of providing the necessary IT support. This encourages the creation and growth of ecosystems in which companies co-operate effectively to meet the needs of society. The benefits of cloud computing extend not just to individual businesses, but to business as a whole.