Cloud computing

From LIMSWiki
Jump to: navigation, search
Cloud computing logical diagram

Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a utility (like the electricity grid) over a network, typically the Internet.

Cloud computing describes a new supplement, consumption, and delivery model for IT services based on Internet protocols, and it typically involves provisioning of dynamically scalable and often virtualized resources[1][2] Details are abstracted from end-users, who no longer have need for expertise in, or control over, the technology infrastructure "in the cloud" that supports them.[3]

Cloud computing typically takes the form of web-based tools or applications that users can access and use through a web browser as if they were programs installed locally on their own computers. Those applications and resulting data are stored on servers at a remote location. In some cases, legacy applications (line of business applications that until now have been prevalent in thin client Windows computing) are delivered via a screen-sharing technology, while the computing resources are consolidated at a remote data center location; in other cases, entire business applications have been coded using web-based technologies such as Ajax.

Overview

Term

The term "cloud" is used as a metaphor for the Internet, based on the cloud drawing used in the past to represent the telephone network,[4] and later to depict the Internet in computer network diagrams as an abstraction of the underlying infrastructure it represents.[5]

Characteristics

The National Institute of Standards and Technology (NIST) offers an authoritative definition of cloud computing. That definition encompasses the essential characteristics, service models, and deployment models of the service. Of the essential characteristics, cloud computing must[6]:

  • provide computing capabilities and services on an as-needed basis, without human intervention;
  • be broadly accessible from a wide variety of standard desktop and mobile platforms;
  • make storage, processing, memory, and network bandwidth available as pooled, multi-tenant resources;
  • make those resources scalable with demand, often automatically, at any time; and
  • meter those resources and make the resulting information transparently available to both provider and consumer.

Additional, more granular characteristics of cloud computing include the following.

  • An application programming interface (API) enables machines to interact with cloud software in the same way the user interface facilitates interaction between humans and computers. Cloud computing systems typically use REST-based APIs.
  • Cost is potentially reduced in a public cloud delivery model, with capital expenditure being converted to operational expenditure, including research, development, and sales.[7] This is purported to lower barriers to entry, as infrastructure is typically provided by a third-party and does not need to be purchased for one-time or infrequent intensive computing tasks. Pricing on a utility computing basis is fine-grained with usage-based options and fewer in-house IT skills are required for implementation.[8]
  • Device and location independence enable users to access systems using a web browser regardless of their location or what device they are using (e.g., PC, mobile phone).[9] As infrastructure is off-site (typically provided by a third-party) and accessed via the Internet, users can connect from anywhere.[8]
  • Multi-tenancy enables sharing of resources and costs across a large pool of users, allowing for centralization of infrastructure in locations with lower costs, peak-load capacity increases, and utilization and efficiency improvements.
  • Reliability is improved if multiple redundant sites are used, which makes well-designed cloud computing suitable for business continuity and disaster recovery.[10]
  • Services are scalable and elastic via dynamic, "on-demand" provisioning of resources on a fine-grained, self-service basis in real-time, without users having to engineer for peak loads.[11]
  • Performance is monitored, and consistent and loosely coupled architectures are constructed using web services as the system interface.[8]
  • Security could improve due to centralization of data, increased security-focused resources, etc., but concerns may persist about loss of control over certain sensitive data and the lack of security for stored kernels.
  • Maintenance of cloud computing applications is easier, because they do not need to be installed on each user's computer. They are easier to support and to improve, as the changes reach the clients instantly.

Service models

The NIST definition also details the service models, which include software as a service (SaaS; provider's application runs on their infrastructure), platform as a service (PaaS; consumer-created or -acquired application runs on provider's infrastructure), and infrastructure as a service (IaaS; customer deploys operating systems and applications over fundamental computing resources provisioned by the provider).[6]

Deployment models

Cloud computing deployment types

The NIST definition identifies four deployment models for cloud computing.[6]

Private cloud: an infrastructure operated solely for a single organization, whether managed internally or by a third-party and hosted internally or externally

Community cloud: an infrastructure shared between several organisations from a specific community with common concerns (security, compliance, jurisdiction, etc.), managed internally or by a third-party and hosted internally or externally

Public cloud: an infrastructure where resources are dynamically provisioned to the general public on a fine-grained, self-service basis over the Internet, via web applications/web services, from an off-site third-party provider who bills on a metered basis

Hybrid cloud: a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together, offering the benefits of multiple deployment models

A fifth deployment option (potentially classifiable as "hybrid") that has become more notable is carrier cloud, cloud computing services integrated into a communications service provider's network infrastructure.[12][13]

History

The underlying concept of cloud computing dates back to the 1960s, when John McCarthy opined that "computation may someday be organized as a public utility."[14] Almost all the modern-day characteristics of cloud computing (elastic provision, provided as a utility, online, illusion of infinite supply), as well as the comparison to the electricity industry and the use of public, private, government, and community forms, were thoroughly explored in Douglas Parkhill's 1966 book, The Challenge of the Computer Utility.[15]

The actual term "cloud" borrows from telephony in that telecommunications companies, that until the 1990s offered primarily dedicated point-to-point data circuits, began offering virtual private network (VPN) services with comparable quality of service but at a much lower cost. By switching traffic to balance utilization as they saw fit, they were able to utilize their overall network bandwidth more effectively. The cloud symbol was used to denote the demarcation point between that which was the responsibility of the provider and that which was the responsibility of the user. Cloud computing extends this boundary to cover servers as well as the network infrastructure.[16]

By the beginning of the twenty-first century, the advent of virtualization technology and cost effective computing hardware, as well as ubiquitous Internet connectivity, enabled a first wave of cloud services, including Salesforce.com in 1999 and Amazon Web Services in 2002.[17] After the dot-com bubble, Amazon continued to play key role in the development of cloud computing by modernizing their data centers, which, like most computer networks, were using as little as 10 percent of their capacity at any one time, just to leave room for occasional spikes. Having found the new cloud architecture resulted in significant internal efficiency improvements whereby small, fast-moving "two-pizza teams" could add new features faster and more easily, Amazon initiated a new commercial cloud-based project, launching its Elastic Compute cloud (EC2) in 2006.[17]

In May 2008, Eucalyptus became the first open-source, Amazon Web Service API-compatible platform for deploying private clouds.[18] In early 2008, OpenNebula, enhanced in the RESERVOIR European Commission-funded project, became the first open-source software for deploying private and hybrid clouds and for the federation of clouds.[19] By mid-2008, technology research firm Gartner saw an opportunity for cloud computing "to shape the relationship among consumers of IT services, those who use IT services and those who sell them"[20] and observed that "organisations are switching from company-owned hardware and software assets to per-use service-based models" so that the "projected shift to cloud computing ... will result in dramatic growth in IT products in some areas and significant reductions in other areas."[21]

By 2013, Gartner was reporting the public cloud services market was forecast to grow 18.5 percent in 2013, totalling $131 billion worldwide, up from $111 billion in 2012. Infrastructure as a service (IaaS) made up the fastest-growing segment of the market, growing 42.4 percent in 2012 to $6.1 billion, with expectations of it growing 47.3 percent in 2013 to $9 billion.[22]

Issues and concerns

General criticisms of cloud computing state the term is too unspecific or even misleading. CEO Larry Ellison of Oracle Corporation asserts that cloud computing is "everything that we already do"[23] and that the company could simply "change the wording on some of our ads" [24] to deploy cloud-based services.

In 2008, Forrester Research VP Frank Gillett questioned the very nature of and motivation behind the push for cloud computing, describing what he calls "cloud washing"—companies simply relabeling their products as "cloud computing", resulting in mere marketing innovation instead of "real" innovation. [25] That same year, GNU's Richard Stallman insisted the industry will only use the model to deliver services at ever increasing rates over proprietary systems, otherwise likening it to a "marketing hype campaign."[26]

Privacy

The cloud model has been criticized by privacy advocates for the greater ease in which the companies hosting the cloud services control and monitor at will, lawfully or unlawfully, the communication and data stored between the user and the host company, leading to questions about whether or not privacy concerns can be addressed.[27][28]

Compliance

In order to obtain compliance with regulations including FISMA, HIPAA, and SOX in the United States, the Data Protection Directive in the European Union, and the credit card industry's PCI DSS, users may have to adopt community or hybrid deployment modes that are typically more expensive and may offer restricted benefits. This is how Google is able to "manage and meet additional government policy requirements beyond FISMA"[29][30] and Rackspace Cloud are able to claim PCI compliance.[31]

Many providers also obtain SAS 70 Type II certification, but this has been criticized on the grounds that the hand-picked set of goals and standards determined by the auditor and the auditee are often not disclosed and can vary widely.[32] Providers typically make this information available on request, under non-disclosure agreement.[33]

Customers in the European Union contracting with cloud providers established outside the area have to adhere to the European Union's regulations on export of personal data.[34]

Performance

Public cloud instances typically function well at the server and client hardware; however, speed across the connecting public Internet pipeline can vary significantly. Internet speeds can be asymmetrical and non-guaranteed, bandwidth may need to be shared, and Internet traffic rarely follow the same path, constraining performance and making a cloud option less appealing than a localized option.[35] Poor upload speeds, especially from non-business home accounts, are also quoted as a factor limiting cloud computing's appeal.[36]

Legal

Since 2007, the number of trademark filings covering cloud computing brands, goods, and services has increased rapidly. For example, in March 2007, Dell applied to trademark the term "cloud computing" (U.S. Trademark 77,139,082) in the United States. The "Notice of Allowance" the company received in July 2008 was canceled in August, resulting in a formal rejection of the trademark application less than a week later. As Dell and other companies sought to better position themselves for cloud computing branding and marketing efforts, cloud computing trademark filings increased by 483 percent between 2008 and 2009. In 2009, 116 cloud computing trademarks were filed, and trademark analysts predicted that over 500 such marks could be filed during 2010.[37]

Other legal cases may shape the use of cloud computing by the public sector. On October 29, 2010, Google filed a lawsuit against the U.S. Department of Interior, which opened up a bid for software that required bidders use Microsoft's Business Productivity Online Suite. Google sued, calling the requirement "unduly restrictive of competition."[38] Scholars have pointed out that, beginning in 2005, the prevalence of open standards and open-source software options may have an impact on the way public entities choose to select vendors and their software.[39]

Concerns about the legal and financial repercussions of a cloud provider shutting down, which has happened in a number of cases, also exist.[40]

Open standards

Most cloud providers expose APIs that are typically well-documented (often under a Creative Commons license[41]) but also unique to their implementation and thus not interoperable. Some vendors have adopted others' APIs, and there are a number of open standards under development, with a view to delivering interoperability and portability.[42]

Security

As cloud computing increases in popularity, concerns are being raised about the security issues introduced through the adoption of this new model. The effectiveness and efficiency of traditional protection mechanisms are being reconsidered as the characteristics of this innovative deployment model differ widely from those of traditional architectures.[43]

Issues barring the adoption of cloud computing are due in large part to the private and public sectors' unease surrounding the external management of security based services. It is the very nature of cloud computing based services, private or public, that promote external management of provided services. This delivers great incentive among cloud computing service providers in producing a priority in building and maintaining strong management of secure services.[44] Security issues have been categorized into sensitive data access, data segregation, privacy, bug exploitation, recovery, accountability, malicious insiders, management console security, account control, and multi-tenancy issues. Solutions to various cloud security issues vary from cryptography (particularly public key infrastructure), use of multiple cloud providers, standardization of APIs, improving virtual machine support, and legal support.[43][45][45]

The complexity of security is further increased when data is distributed over a wider area or greater number of devices and in multi-tenant systems that are being shared by unrelated users. In addition, user access to security audit logs may be difficult or impossible. The move to private cloud installations are in part motivated by users' desire to retain control over the infrastructure and avoid losing control of information security.

Contracts

Most transitions to a cloud computing solution entail a change from a technically managed solution to a contractually managed solution. This change necessitates increased IT contract negotiation skills to establish the terms of the relationship and vendor management skills to maintain the relationship. All rights and responsibilities associated with the relationship between a client and a provider must be codified in the contract and effectively managed until the relationship has been terminated. Key risks and issues that are either unique to cloud computing or essential to its effective adoption typically involve service level agreements; data processing and access; provider infrastructure and security; and contract and vendor management.[46]

Further reading

Notes

This article reuses numerous content elements from the Wikipedia article.

References

  1. "Gartner Says Cloud Computing Will Be As Influential As E-business". Gartner, Inc. 26 June 2008. http://www.gartner.com/newsroom/id/707508. Retrieved 20 August 2014. 
  2. Knorr, Eric; Gruman, Galen (07 April 2008). "What cloud computing really means". InfoWorld. IDG Network. http://www.infoworld.com/d/cloud-computing/what-cloud-computing-really-means-031. Retrieved 20 August 2014. 
  3. Danielson, Krissi (26 March 2008). "Distinguishing Cloud Computing from Utility Computing". ebizQ. TechTarget. http://www.ebizq.net/blogs/saasweek/2008/03/distinguishing_cloud_computing/. Retrieved 21 August 2014. 
  4. Sells, Chris (01 July 1998). "Windows Telephony Programming: A Developer's Guide to TAPI". Sellsbrothers.com. Archived from the original on 02 May 2005. https://web.archive.org/web/20050502192319/http://www.sellsbrothers.com/writing/intro2tapi/default.aspx?content=pstn.htm. Retrieved 21 August 2014. 
  5. Scanlon,Jessie Holliday; Wieners, Brad (09 July 1999). "The Internet Cloud". The Industry Standard. IDG Network. Archived from the original on 11 February 2010. https://web.archive.org/web/20100211133442/http://www.thestandard.com/article/0,1902,5466,00.html. Retrieved 2010-08-22. 
  6. 6.0 6.1 6.2 Mell, Peter; Grance, Timothy (September 2011). "The NIST Definition of Cloud Computing" (PDF). National Institute of Standards and Technology. http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf. Retrieved 20 August 2014. 
  7. Columbus, Louis (10 April 2013). "Making Cloud Computing Pay". Forbes. http://www.forbes.com/sites/louiscolumbus/2013/04/10/making-cloud-computing-pay-2/. Retrieved 20 August 2014. 
  8. 8.0 8.1 8.2 Gens, Frank (23 September 2008). "Defining "Cloud Services" and "Cloud Computing"". IDC. http://blogs.idc.com/ie/?p=190. Retrieved 20 August 2014. 
  9. Farber, Dan (25 June 2008). "The new geek chic: Data centers". CNET. CBS Interactive. http://www.cnet.com/news/the-new-geek-chic-data-centers/. Retrieved 20 August 2014. 
  10. King, Rachael (04 August 2008). "Cloud Computing: Small Companies Take Flight". Businessweek. http://www.businessweek.com/technology/content/aug2008/tc2008083_619516.htm. Retrieved 20 August 2014. 
  11. Kuperberg, Michael; Herbst, Nikolas; Kistowski, Joakim von; Reussner, Ralf (2011). "Defining and Measuring Cloud Elasticity". Karlsruher Institut für Technologie. http://digbib.ubka.uni-karlsruhe.de/volltexte/1000023476. Retrieved 20 August 2014. 
  12. "Cloud Evolution: The Carrier Cloud" (PDF). Kontron. 2013. http://www.kontron.com/resources/collateral/white_papers/kontroncarriercloudwp.pdf. 
  13. Narcisi, Gina (November 2013). "Carrier cloud services: Do customers care if you own the network?". SearchTelecom. TechTarget. http://searchtelecom.techtarget.com/feature/Carrier-cloud-services-Do-customers-care-if-you-own-the-network. Retrieved 20 August 2014. 
  14. Halpert, Ben (2011). "Chapter 1: Introduction to Cloud Computing". Auditing Cloud Computing: A Security and Privacy Guide. John Wiley & Sons. pp. 1–13. ISBN 9781118116043. http://books.google.com/books?id=GjsH0HJ2PmYC&pg=PT10&lpg=PT10. Retrieved 21 August 2014. 
  15. Parhill, Douglas (2006). The Challenge of the Computer Utility. Addison-Wesley Pub. Co. http://books.google.com/books?id=8kJZAAAAMAAJ. Retrieved 21 August 2014. 
  16. Laubach, Mark (July 1993). "Minutes of the IP Over Asynchronous Transfer Mode Working Group (ATM)". Hewlett-Packard. http://ftp.univie.ac.at/netinfo/ietf/atm/atm-minutes-93jul.txt. Retrieved 21 August 2014. 
  17. 17.0 17.1 Mohamed, Arif (March 2009). "A history of cloud computing". ComputerWorld.com. TechTarget. http://www.computerweekly.com/feature/A-history-of-cloud-computing. Retrieved 20 August 2014. 
  18. "The Eucalyptus Story". Eucalyptus Systems, Inc. https://www.eucalyptus.com/about/story. Retrieved 21 August 2014. 
  19. Rochwerger, B.; Caceres, J.; Montero, R.S.; Breitgand, D.; Elmroth, E.; Galis, A.; Levy, E.; Llorente, I.M.; Nagin, K.; Wolfsthal, Y.; Caceres, J.; Ben-Yehuda, M.; Emmerich, W.; Galan, F (2009). "The RESERVOIR Model and Architecture for Open Federated Cloud Computing". IBM Journal of Research and Development 53 (4). http://researchweb.watson.ibm.com/journal/abstracts/rd/534/rochwerger.html. Retrieved 21 August 2014. 
  20. Schurr, Amy (08 July 2008). "Keep an eye on cloud computing". Network World. http://www.networkworld.com/newsletters/itlead/2008/070708itlead1.html. Retrieved 21 August 2014. 
  21. "Gartner Says Worldwide IT Spending On Pace to Surpass Trillion in 2008". Gartner, Inc. 18 August 2008. http://www.gartner.com/it/page.jsp?id=742913. Retrieved 21 August 2014. 
  22. "Gartner Says Worldwide Public Cloud Services Market to Total $131 Billion". Gartner, Inc. 28 February 2013. http://www.gartner.com/newsroom/id/2352816. Retrieved 21 August 2014. 
  23. Farber, Dan (26 September 2008). "Oracle's Ellison nails cloud computing". CNET. CBS Interactive. http://www.cnet.com/news/oracles-ellison-nails-cloud-computing/. Retrieved 21 August 2014. 
  24. Kanaracus, Chris (09 February 2010). "Oracle launches worldwide cloud-computing tour". Network World. http://www.networkworld.com/article/2244231/data-center/oracle-launches-worldwide-cloud-computing-tour.html. Retrieved 21 August 2014. 
  25. Plesser, Andy (29 September 2008). "Cloud Computing is Hyped and Overblown". YouTube. http://www.youtube.com/watch?v=f7wv1i8ubng. Retrieved 21 August 2014. 
  26. Johnson, Bobbie (29 September 2008). "Cloud computing is a trap, warns GNU founder Richard Stallman". The Guardian. http://www.theguardian.com/technology/2008/sep/29/cloud.computing.richard.stallman. Retrieved 21 August 2014. 
  27. Maier, Fran (19 October 2011). "Can There Ever Really Be Privacy in the Cloud?". Mashable. http://mashable.com/2011/10/19/cloud-privacy/. Retrieved 21 August 2014. 
  28. Schwartz, Paul M. (01 May 2013). "Information Privacy in the Cloud". University of Pennsylvania Law Review 161 (1623). http://scholarship.law.berkeley.edu/facpubs/1906/. Retrieved 21 August 2014. 
  29. Howard, Alexander B (18 December 2009). "FISMA compliance for federal cloud computing on the horizon in 2010". SearchCompliance. TechTarget. http://searchcompliance.techtarget.com/news/1377298/FISMA-compliance-for-federal-cloud-computing-on-the-horizon-in-2010. Retrieved 21 August 2014. 
  30. Glotzbach, Matthew (15 September 2009). "Google Apps and Government". Google Official Enterprise Blog. Google. http://googleenterprise.blogspot.com/2009/09/google-apps-and-government.html. Retrieved 21 August 2014. 
  31. Bartels, Angela (05 March 2009). "Cloud Hosting is Secure for Take-off: Mosso Enables The Spreadsheet Store, an Online Merchant, to become PCI Compliant". Rackspace. Archived from the original on 23 February 2011. https://web.archive.org/web/20110223172816/http://www.rackspace.com/cloud/blog/2009/03/05/cloud-hosting-is-secure-for-take-off-mosso-enables-the-spreadsheet-store-an-online-merchant-to-become-pci-compliant/. Retrieved 21 August 2014. 
  32. Brooks, Carl (17 November 2009). "Amazon gets SAS 70 Type II audit stamp, but analysts not satisfied". SearchCloudComputing. TechTarget. http://searchcloudcomputing.techtarget.com/news/article/0,289142,sid201_gci1374629,00.html. Retrieved 21 August 2014. 
  33. Norton, Jerry (31 December 2009). "Assessing Cloud Computing Agreements and Controls". WTN News. WTN Media. http://wtnnews.com/articles/6954/. Retrieved 21 August 2014. 
  34. Helbing, Thomas (29 August 2012). "How the New EU Rules on Data Export Affect Companies in and Outside the EU". Dr. Thomas Helbing. https://www.thomashelbing.com/en/how-new-eu-rules-data-export-affect-companies-and-outside-eu. Retrieved 21 August 2014. 
  35. Richards, Brianna (17 June 2013). "Cloud Computing – Storm or Silver Lining? Pt 2". Trinus Technologies Inc. http://www.trinustech.com/cloud-computing-storm-or-silver-lining-pt-2/. Retrieved 21 August 2014. 
  36. Jenks, Stephen (08 November 2011). "Cloud Computing for Home Has Huge Problems". Stephen Jenks' Blog. http://www.stephenjenks.com/2011/11/cloud-computing-for-home-has-huge-problems/. Retrieved 21 August 2014. 
  37. "Cloud Computing Trademark Trends". Inside Trademarks. 24 March 2010. Archived from the original on 28 March 2010. https://web.archive.org/web/20100328121742/http://insidetrademarks.com/2010/03/24/cloud-computing-trademark-trends/. Retrieved 21 August 2014. 
  38. "Google v US Complaint". Scribd. 31 October 2010. http://www.scribd.com/doc/40513712/Google-v-US-Complaint. Retrieved 21 August 2014. 
  39. Casson, Tony; Ryan, Patrick S. (01 May 2006). "Open Standards, Open Source Adoption in the Public Sector, and Their Relationship to Microsoft’s Market Dominance". Social Science Electronic Publishing. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1656616. Retrieved 21 August 2014. 
  40. Scheier, Robert L (20 April 2009). "What to do if your cloud provider disappears". InfoWorld. IDG Network. http://www.infoworld.com/d/cloud-computing/what-do-if-your-cloud-provider-disappears-508. Retrieved 21 August 2014. 
  41. "GoGrid Moves API Specification to Creative Commons". ServePath. 20 January 2009. Archived from the original on 01 February 2009. https://web.archive.org/web/20090201061221/http://gogrid.com/company/press-releases/gogrid-moves-api-specification-to-creativecommons.php. Retrieved 21 August 2014. 
  42. Brockmeier, Joe (19 February 2010). "Eucalyptus Completes Amazon Web Services Specs with Latest Release". OStatic. http://ostatic.com/blog/eucalyptus-completes-amazon-web-services-specs-with-latest-release. Retrieved 21 August 2014. 
  43. 43.0 43.1 Zissis, Dimitrios; Lekkas, Dimitrios (March 2012). "Addressing cloud computing security issues". Future Generation Computer Systems 28 (3). doi:10.1016/j.future.2010.12.006. http://dl.acm.org/citation.cfm?id=2064287. Retrieved 21 August 2014. 
  44. Messmer, Ellen (22 February 2010). "Security of virtualization, cloud computing divides IT and security pros". Network World. http://www.networkworld.com/article/2244954/virtualization/security-of-virtualization--cloud-computing-divides-it-and-security-pros.html. Retrieved 21 August 2014. 
  45. 45.0 45.1 Armbrust, Michael; Fox, Armando; Griffith, Rean; Joseph, Anthony D.; Katz, Randy; Konwinski, Andy; Lee, Gunho; Patterson, David; Rabkin, Ariel; Stoica, Ion; Zaharia, Matei (April 2010). "A view of cloud computing". Communications of the ACM 53 (4): 50–58. doi:10.1145/1721654.1721672. http://dl.acm.org/citation.cfm?doid=1721654.1721672. Retrieved 21 August 2014. 
  46. Trappier, Thomas (24 June 2010). "If It's in the Cloud, Get It on Paper: Cloud Computing Contract Issues". EDUCAUSE. http://www.educause.edu/ero/article/if-its-cloud-get-it-paper-cloud-computing-contract-issues. Retrieved 21 August 2014.