Cloud Computing as Defined by NIST


As a resident of Boulder, CO – I am a big fan of NIST. The National Institute for Standards and Technology does lots of important things. NIST is a non-regulatory federal agency within the U.S. Department of Commerce. From automated teller machines to mammograms, innumerable products and services rely in some way on NIST’s technology, measurement, and standards. Not to mention NIST keep’s the nation’s time with their handy atomic clock.

(When I hear “atomic” I think bombs, and I don’t like the idea that it is ticking just a few miles from my home).

Well it turns out that NIST has defined Cloud Computing. Why not? Everyone else has. Cloud Computing has so many definitions that it is difficult to find any two people that agree on what it really means.

On one extreme you have Oracle/Sun CEO Larry Ellison that is sure Cloud Computing means nothing. And then you have the more popular definitions of Cloud Computing that include just about any form of service delivered over a network. In this model, Dial-a-Joke qualifies.

I draw a distinction between Cloud (as in services) and Cloud Computing which I’ve always tightly associated with virtualization technologies. However, NIST doesn’t actually specify virtualization. Instead, NIST specifies abstraction of resources which is a similar result, but possible via alternative technologies.

NIST identifies a total of five essential characteristics, three cloud service models, and four cloud deployment models.

Essential Components

  1. Rapid elasticity. Capabilities can be rapidly and elastically provisioned — in some cases automatically — to quickly scale out; and rapidly released to quickly scale in. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be purchased in any quantity at any time.
  2. On-demand self-service. A consumer can provision computing capabilities such as server time and network storage as needed automatically, without requiring human interaction with a service provider.
  3. Broad network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs) as well as other traditional or cloudbased software services.
  4. Abstraction and Resource pooling. The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. Examples of resources include storage, processing, memory, network bandwidth, and virtual machines. Even private clouds tend to pool resources between different parts of the same organization.
  5. Measured service. Cloud systems automatically control and optimize resource usage by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, or active user accounts). Resource usage can be monitored, controlled, and reported — providing transparency for both the provider and consumer of the service.

Cloud Computing Service Models

This is an area of less debate; three architectural models for cloud computing:

  1. Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through a thin client interface such as a web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited userspecific application configuration settings. – (
  2. Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly application hosting environment configurations. (Google App Cloud).
  3. Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). (Amazon Web Services)

Deployment Models

And Lastly, four deployment models.

  1. Public Cloud. The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services.
  2. Private Cloud. The cloud infrastructure is operated solely for a single organization. It may be managed by the organization or a third party, and may exist on-premises or offpremises.
  3. Community Cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, or compliance considerations). It may be managed by the organizations or a third party and may exist on-premises or off-premises.
  4. Hybrid Cloud. The cloud infrastructure is a composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load-balancing between clouds).

These definitions are refreshing, but also nearly obsolete. The cloud continues to shift and new models are being created rapidly. Examples include the emerging cloud service broker as a service model or the virtual private cloud as a deployment model.

Regardless of the terminology, cloud computing is coming fast and voice is not excepted. Personally, I believe cloud computing will lead to a new generation of hosted voice services – both from service providers and enterprises as the economics to consolidate and centralize voice systems win over decentralized systems.

Dave Michels