evaluation of cloud computing services based on nist · pdf fileevaluation of cloud computing...
TRANSCRIPT
![Page 1: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/1.jpg)
SpecialPublication500-322
Draft-20170427
DRAFT - Evaluation of
Cloud Computing Services Based on NIST 800-145
National Institute of Standards and Technology (NIST)
Eric Simmon Based on work done by the NIST Cloud Computing Services Public Working Group
![Page 2: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/2.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
1
This document provides clarification for qualifying a given computing capability as a cloud service bydeterminingifitalignswiththeNISTdefinitionofcloudcomputing;andforcategorizingacloudserviceaccordingtothemostappropriateservicemodel(SaaS,PaaS,orIaaS).
AcknowledgementsNIST thanks the many experts in industry and government who contributed their thoughts to the creation and review of this definition. NIST would like to acknowledgement the members of the NIST Cloud Computing Services Public Working Group listed below who worked many hours providing input for this document. A special thanks to Cary Landis who was the industry chair of the group.
CaryLandis(Chair–NISTCloudComputingServicesPublicWorkingGroup)AliKhalvati(GSA)LalitBajaj(GSA)DonBeaver(GSA)JamesYapleAngelaRoweJamesMooneyJamesFowlerEugeneLusterLarryLamersKeithParker(ASI for GSA) GaryRouse(VMSI for GSA) TravisFergusonChrisFerrisKavyaPearlman
![Page 3: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/3.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
2
Contents1 Introduction.........................................................................................................................................3
2 TheNISTDefinitionofCloudComputing.............................................................................................4
3 AnalysisoftheEssentialCharacteristicsofCloudComputing.............................................................6
3.1 On-demandself-service..............................................................................................................6
3.2 Broadnetworkaccess.................................................................................................................7
3.3 ResourcePooling........................................................................................................................8
3.4 Rapidelasticity............................................................................................................................9
3.5 Measuredservice........................................................................................................................9
4 AnalysisofCloudServiceModels.......................................................................................................10
4.1 SoftwareasaService(SaaS).....................................................................................................11
4.2 PlatformasaService(PaaS)......................................................................................................12
4.3 InfrastructureasaService(IaaS)..............................................................................................13
5 AnalysisofCloudDeploymentModels..............................................................................................14
5.1 PrivateCloudComputingServiceDeployment.........................................................................17
5.2 CommunityCloudComputingServiceDeployment..................................................................18
5.3 PublicCloudComputingServiceDeployment...........................................................................19
5.4 HybridCloudComputingServiceDeployment..........................................................................19
6 Worksheets........................................................................................................................................20
6.1 CloudServiceWorksheet..........................................................................................................20
6.2 CloudServiceModelWorksheet...............................................................................................21
6.3 CloudDeploymentModelWorksheet......................................................................................22
7 ExampleCloudServiceMarketingTerms...........................................................................................22
8 References............................................................................................Error!Bookmarknotdefined.
![Page 4: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/4.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
3
1 Introduction TheFederalCloudComputingStrategy1characterizescloudcomputingasa“profoundeconomicandtechnicalshift(with)greatpotentialtoreducethecostoffederalInformationTechnology(IT)systemswhile…improvingITcapabilitiesandstimulatinginnovationinITsolutions.”Topromotethemissionandeconomicbenefitsofcloudservices,theOfficeofManagementandBudget(OMB)issueda“CloudFirst”policytoencouragetheadoptionofcloudcomputingservicestogainnewefficienciesandsavemoney.ThepolicyrequiresagencyChiefInformationOfficers(CIOs)toimplementacloud-basedservicewheneverthereisasecure,reliable,andcost-effectiveoption.ThepolicytakesadvantageofcostsavingsefficienciesthatweredescribedinseveralcomplementaryandparallelUnitedStatesGovernment(USG)initiatives,suchasthe25PointImplementationPlantoReformFederalInformationTechnologyManagement.
TheNationalInstituteofStandardsandTechnology(NIST),consistentwithitsmission,2hasatechnologyleadershiproleinsupportoftheUSGsecureandeffectiveadoptionoftheCloudComputingmodel3toreducecostsandimproveservices.NISTwaschargedwiththemissionofdevelopingacloudcomputingtechnologyroadmapandtoleadeffortsindevelopingandprioritizingcloudcomputingstandards.TheNISTCloudComputingProgram(NCCP)createdaseriesofpublicworkinggroupsoncloudcomputingtogenerateinputfortheSP500-291NISTCloudComputingStandardsandRoadmap,andSP500-293NISTCloudComputingTechnologyRoadmap,VolumeIandII.Thisdocument,hereafterreferredtoas“theRoadmap,”containstenhigh-levelpriorityrequirementsinsecurity,interoperability,andportabilityfortheUSG’sadoptionofcloudcomputing.
Requirement4oftheRoadmapisfor“Clearlyandconsistentlycategorizedcloudservices.”Thisrequirementisimportanttoensurethatcustomersunderstandthecharacteristicsofdifferenttypesofcloudservicesandareabletoobjectivelyevaluate,compare,andselectcloudservicessuitabletomeettheirbusinessobjectives.
Intheabsenceofclarification,organizationsareatriskofadopting“services”thatdonotprovidecharacteristicsofcloudcomputing.Forexample,somevendorsreportedlydecidetolabeltheircomputingofferingsas“cloudservices,”eveniftheofferingsdonotsupporttheessentialcharacteristicsofacloudserviceintheNISTdefinition.
Furthermore,thefrequentandcommonusageoftheinformal“aaS”suffixinmarketing,asin“EaaS”,“DaaS”,and“STaaS”(oftenreferedtoas“XaaS”or“EverythingasaService”)isconfusing,and(unintentionally)obfuscatingthearchitecturallywell-foundeddistinctionofIaaS,PaaS,andSaaS.These“cloudservicetypes”aregenerallycoinedbyappendingthesuffix“aaS”afteratypeofcomputingcapability.Thismakesitdifficulttodeterminewhethersomethingisacloudserviceandhasunintendedconsequencefororganizationstryingtosatisfytheircloud-firstobjectives.
Todemystifytheambiguitysurroundingcloudservices,theNISTCloudComputingServicesPublicWorkingGroupanalyzedtheNISTcloudcomputingdefinitionanddevelopedguidanceonhowtouseittoevaluatecloudservices.
1OfficeofManagementandBudget,U.S.ChiefInformationOfficer,FederalCloudComputingStrategy,Feb.8,2011.Online:www.cio.gov/documents/Federal-Cloud-Computing-Strategy.pdf.2ThiseffortisconsistentwiththeNISTrolepertheNationalTechnologyTransferandAdvancementAct(NTTAA)of1995,whichbecamelawinMarch1996.3NISTDefinitionofCloudComputing,SpecialPublication800-145,September2011.
![Page 5: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/5.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
4
ThisdocumentclarifiesthecloudcomputingservicemodelsaspublishedinNISTSpecialPublication(SP)800-145,TheNISTDefinitionofCloudComputing(NISTDefinition,September2011).TheNISTDefinitionwasintendedforthestatedpurposeof“broadcomparisonsofcloudservicesanddeploymentstrategies,andtoprovideabaselinefordiscussionfromwhatiscloudcomputingtohowtobestusecloudcomputing.”4
Theclarificationsupportstheproperplanningforcloudmigration,deployment,andretirementofrelevantlegacysystems.TheGAOrecommendedinJuly2012thatsevenauditedfederalagenciesshouldestablishestimatedcosts,performancegoals,andplanstoretireassociatedlegacysystemsforeachtypeofcloud-basedserviceaswellasthesameforretiringlegacysystems,asapplicable,forplannedadditionalcloud-basedservices5.
Asthisdocumentismeanttoprovideguidanceinunderstandingthecategorization,evaluation,comparison,andselectionofcloudservices,itdoesnotprovideaprescriptivesetofguidelinesfortheselectionprocess.Instead,itusestheprinciplessetforthintheNISTcloudcomputingdefinitionasaframeworkforunderstandingaccustomer’srequirementsinacloudcomputingcontextandthecapabilitiesofferedbycloudserviceproviders(CSP)stoenableeasierdecisionmaking.TheNISTcloudcomputingdefinitionallowsforflexibilityinitsinterpretationandinmanycases,thefinaldecisionreliesonamixtureofobjectiveandsubjectiveperspectives.
Thisdocumentisintendedforusebyanystakeholder,including,butnotlimitedto,buyersofITandcloudservices,ITmanagers,programmanagers,FedRAMPstakeholders,systemsintegrators,resellersofcloudservices,etc.
2 The NIST Definition of Cloud Computing NISTSP800-145waspublishedinthefallof2010.Sincethattime,thecloudcomputingenvironmenthasexperiencedagrowthintechnicalmaturity,yettheNISTDefinitionhasretainedaworldwideacceptance.ThisdocumentprovidesananalysisoftheNISTDefinitionofCloudComputingbasedontoday’sperspectiveandprovidesamethodologyforevaluatingservices,complementingtheNISTdefinition.
NISTSP800-145providesaonesentencedefinitionofcloudcomputingas“amodelforenablingubiquitous,convenient,on-demandnetworkaccesstoasharedpoolofconfigurablecomputingresources(e.g.,networks,servers,storage,applications,andservices)thatcanberapidlyprovisionedandreleasedwithminimalmanagementeffortorserviceproviderinteraction.”Inaddition,theNISTdefinitionintroducesthesupportingconceptsofthreecloudservicemodels,fiveessentialcharacteristics,andfourtypesofclouddeployments.
Intotal,theNISTCloudComputingDefinitioniscomposedof14interrelatedtermsandtheirassociateddefinitions:
Coredefinitionofthecloudcomputingmodel(above)Fiveessentialcharacteristics
o On-demandself-serviceo Broadnetworkaccesso Resourcepoolingo Rapidelasticityo Measuredservice
4http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf5http://www.gao.gov/assets/600/592249.pdf
![Page 6: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/6.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
5
Threeservicemodelso SoftwareasaService(SaaS)o PlatformasaService(PaaS)o InfrastructureasaService(IaaS)
Fourdeploymentmodelso Publico Privateo Communityo Hybrid
Footnoteddefinitionof“cloudinfrastructure.”
SP500-145alsoincludesmultipleclarifyingstatementsthatareintegratedintothetextofthevariousdefinitions.TheNISTDefinitionmakesuseofadditionaltermsthatareclarifiedbelow:
Application:Withinthecontextofcloudcomputing,thetermapplicationmayrefertoeitheracloud-enabledSaaS,webormobileapplication(e.g.Facebook),oranapplicationthatexistsonavirtualmachine(e.g.,Linuxapplication).Itisthereforepreferabletoclarifythattypeofapplicationwhenusingthetermtoavoidconfusion.asaService(aaS):Theterm“asa[cloud]Service”isasuffixdescribingacomputingcapabilitythatsupportsallfiveessentialcharacteristicsofcloudcomputing.Theterm“asaservice(aaS)”impliesthatSaaS,PaaS,andIaaSaredeliveredbywayofsoftware.CloudInfrastructure:Thecollectionofhardwareandsoftwarethatenablesthefiveessentialcharacteristicsofcloudcomputing.Theconsumerofacloudservicedoesnotmanageorcontroltheunderlyingcloudinfrastructure.CloudInfrastructureisrepresentedinSP500-292NISTCloudComputingReferenceArchitecture(CCRA)withinthe‘ResourceAbstractionandControl’layerandHardwarelayer.CloudService:Acomputingcapabilitythatisdeliveredasaservice.EssentialCharacteristics:Thefivecharacteristicsthatmustbeavailableinacomputingcapabilitytobequalifiedasa“cloudservice.”Theyarelistedhereforclarity,butarediscussedingreaterdetailsinSection3.o on-demandself-service(seeclause3.1)o broadnetworkaccess(seeclause3.2)o resourcepooling(seeclause3.3)o rapidelasticity(seeclause3.4)o measuredservice(seeclause3.5)
Multi-tenant:Anarchitectureinwhichasinglecomputingresourceissharedbutlogicallyisolatedtoservemultipleconsumers.ServiceModel:Thehighest-levelcategorizationofcloudservicesasbasedonthetypeofcomputingcapabilitythatisprovided.Anygivencloudservicemaybecategorizedasoneofthreeservicemodels,namelySoftwareasaService(SaaS),PlatformasaService(PaaS),orInfrastructureasaService(IaaS).
![Page 7: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/7.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
6
Thisdocumentusesanadditionalterm“cloudservicetype”todescribeinformaltermsoftencoinedandusedbyindustrybyaddingthesuffix“aaS”afteracomputingcapability,e.g.,EmailasaService(EaaS).cloudservicetypesareanalyzedinSection7ofthisdocument.
3 Analysis of the Essential Characteristics of Cloud Computing ThissectionprovidesadetailedanalysisofthefiveEssentialCharacteristicsofCloudComputingfoundabove.Theapproachwastodecomposeeachcharacteristictodeterminetheprimarycriteriafordeterminingifacomputingcapabilityisofferedasacloudserviceandthedifferentoptionsfordeterminingwhetherthecriteriaismet.
Tounderstandtheessentialcharacteristics,itisimportanttounderstandthemeaningoftheterm“essential.”InthecontextofSP800-145andthisdocument,“essential”meanseachcloudserviceprovider(CSP)musthavethecapabilitytoofferandtoprovideeachessentialcharacteristictothecloudservicecustomer(CSC)foragivenservice.TheCSCmayormaynotelecttoimplementoruseeachessentialcharacteristicinaspecificinstance.Inaddition,theCSCmustmakeasubjectivejudgementtodetermineiftheirrequirementsarefulfilledandtodecideiftheCSP’sofferingcanbeconsideredacloudservicefortheirpurposes.
TheprocessofcategorizingacomputingcapabilityisnotalwaysdefinitivebecausetherequirementsfortheservicemayvarybyCSC.Therefore,thisdocumentallowsflexibilityindeterminingthatacomputingcapabilityqualifiesasacloudservicebyprovidingoptionsforevaluatingeachcapability.
Theoptionsaredescribedas“OptionA”or“OptionB,”where“OptionA”ismoreobjective,while“OptionB”ismoresubjectiveanddependentonthespecificrequirementsoftheCSC.IfaCSCchoosestouseOptionBinsteadofOptionA,theymustevaluatewhether“OptionB”meetstheirrequirements,andtheresultsarenotcomparablebetweenCSCswithdifferentrequirements.
Whetheranentitycanconfirmaspecificcriterionisdependentonthecriterionitself.Somecriteriaareexternallyvisible(suchasavailability)andcanbeconfirmedbytheCSCorotherthirdpartyentity,whileothercriteria(suchasresourcepooling)areinternaltothecloudserviceandmustbeconfirmedbytheCSP.
3.1 On-demand self-service “Aconsumercanunilaterallyprovisioncomputingcapabilities,suchasservertimeandnetworkstorage,asneededautomaticallywithoutrequiringhumaninteractionwitheachserviceprovider.”–NISTDefinitionofCloudComputing
PrimaryCriteria Thecomputingcapabilitycanbeprovisionedwithouthumaninteractionwiththeserviceprovider.
OptionA) Fullyautomatedserviceprovisioning(boththeCSCinterfaceandtheinternalcloudinfrastructure).
Option B) TheCSCusesanautomatedinterfacetorequestandtracktheservice,buttheprovidermayusemanuallabortoprovisiontheserviceinternally.
Entitycapableofconfirming?
TheCSCcanconfirmitiseitherOptionAorOptionBbutcannotdistinguishonefromtheotherbecausetheycanonlyseethe
![Page 8: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/8.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
7
provisioninginterface,notthesystembehindtheinterface.Therefore,theCSPwillconfirmwhetheritisOptionAorOptionB.
AdditionalClarification
• ThetermconsumerandCSCareusedsynonymously.• Examplesof“computingcapabilities”includeservertimeand
networkstorage.
• Theterm“Unilaterally”referstothefactthattheCSCinitiatestheservicewithouthumaninteractionwithahumanontheCSPside.TheCSCorganizationmayhaveaworkflowprocessinvolvinghumanssuchasthoseforoversightandapprovalofexpenditures,andthepurchasecanstillbedescribedasunilateral.
• Thetermautomaticallyreferstoautomatedprovisioning.
• Thequestionaroseastowhetheraticketingsystemsupportstherequirementforautomatedprovisioning.TheCloudServicesWorkingGroupmemberssuggest“yes,”aslongastheprovisioningisfastenoughtosupportCSCrequirementsasdescribedintheService-LevelAgreement(SLA).
Benefits • “Asneeded”accesstocomputingcapabilities.
3.2 Broad network access “Capabilitiesareavailableoverthenetworkandaccessedthroughstandardmechanismsthatpromoteusebyheterogeneousthinorthickclientplatforms(e.g.,mobilephones,tablets,laptops,andworkstations).”–NISTDefinitionofCloudComputing
PrimaryCriteria Thecomputingcapabilityisavailablefromawiderangeoflocationsusingstandardprotocols.
OptionA) AvailableovertheInternet.OptionB) Availableoveranetworkthatisavailablefromall
accesspointstheCSCrequires.
Entitycapableofconfirming
TheCSCorCSPcanconfirmOptionA.
TheCSCwillconfirmOptionB(thisisbasedontheCSC'srequirementsforthecloudservice).
AdditionalClarification
• Examplesofthinorthickclientplatformsaremobilephones,tablets,laptops,andworkstations.
• Thephrase“thinorthick”isnotincludedasprimarycriteriabecauseitincludesallclients.
![Page 9: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/9.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
8
• Theterm“standardmechanisms”impliesthatthecomputingcapabilityisavailableusingstandardprotocolssuchofhttp,REST,TCP/IP,UDP,and/orotherInternetprotocols.
• Theterm“broadnetwork”canapplyequallytopublic,private,orhybridclouds.
Benefits • Anytimeanyplaceaccesstocomputingresourcesfromanymachinewithinpolicyandsecurityconstraints,
3.3 Resource Pooling “Theprovider’scomputingresourcesarepooledtoservemultipleconsumersusingamulti-tenantmodel,withdifferentphysicalandvirtualresourcesdynamicallyassignedandreassignedaccordingtoconsumerdemand.Thereisasenseoflocationindependenceinthatthecustomergenerallyhasnocontrolorknowledgeovertheexactlocationoftheprovidedresourcesbutmaybeabletospecifylocationatahigherlevelofabstraction(e.g.,country,state,ordatacenter).Examplesofresourcesincludestorage,processing,memory,andnetworkbandwidth.”–NISTDefinitionofCloudComputing
PrimaryCriteria ThecomputinginfrastructureissharedamongmorethanoneCSC.OptionA)TwoormoreCSCscansharethecloudservice
resourcesusingamulti-tenantmodel.Entitycapableofconfirming
Thisisdependentontheinternalarchitectureofthecloudservice–thereforetheCSPwillconfirm.
AdditionalClarification
• ThereisasenseoflocationindependenceinthattheCSCgenerallyhasnocontrolorknowledgeovertheexactlocationoftheprovidedresourcesbutmaybeabletospecifylocationatahigherlevelofabstraction(e.g.,country,state,ordatacenter).
• Examplesof“resources”includestorage,processing,memory,andnetworkbandwidth.
• ThetermconsumerandCSCareusedsynonymously.• Theessentialcharacteristicismetifthecapabilitytoserve
multipletenantsexists,regardlessofhowmanytenantsareactuallyserved.
• AccordingtotheNISTSpecialPublication500-293–U.S.GovernmentCloudComputingTechnologyRoadmapVolumeII,theResourceAbstractionandControlLayeroftheCloudComputingReferenceArchitecture“tiestogetherthenumerousunderlyingphysicalresourcesandtheirsoftwareabstractionstoenableresourcepooling.”
![Page 10: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/10.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
9
• Resourcepoolingisaninherentbenefitofanyservicemodel(SaaS,PaaS,orIaaS)thatishostedoncloudinfrastructure.
Benefits • Lowerscostsbysharingresources.
3.4 Rapid elasticity “Capabilitiescanbeelasticallyprovisionedandreleased,insomecasesautomatically,toscalerapidlyoutwardandinwardcommensuratewithdemand.Totheconsumer,thecapabilitiesavailableforprovisioningoftenappeartobeunlimitedandcanbeappropriatedinanyquantityatanytime.”–NISTDefinitionofCloudComputing
PrimaryCriteria Thecomputingcapabilitiescanbe“rapidly”provisionedandreleasedtoscale.
OptionA) Resourceallocationmodificationisautomatedandnear-real-time.
OptionB) Notfullyautomated,butfastenoughtosupporttherequirementsoftheCSC.
Entitycapableofconfirming
TheCSCorCSPcanconfirm.
AdditionalClarification
• TotheCSC,thecapabilitiesavailableforprovisioningoftenappeartobeunlimitedandcanbeappropriatedinanyquantityatanytime.
• Rapidelasticitygenerallyrelatestohorizontalscaling.
Benefits • Abilitytoquicklygrowandshrinkcomputingcapability–andassociatedcosts–dynamicallyaccordingtoneed.
3.5 Measured service “Cloudsystemsautomaticallycontrolandoptimizeresourceusebyleveragingameteringcapability1atsomelevelofabstractionappropriatetothetypeofservice(e.g.,storage,processing,bandwidth,andactiveuseraccounts).Resourceusagecanbemonitored,controlled,andreported,providingtransparencyforboththeproviderandconsumeroftheutilizedservice.”–NISTDefinitionofCloudComputing
![Page 11: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/11.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
10
PrimaryCriteria CloudservicescharacteristicsincludingresourceusagearemeasuredwithenoughdetailtosupporttherequirementsoftheCSC.
OptionA) CloudservicecharacteristicsaremeasuredwithenoughdetailtosupporttherequirementsoftheCSC.
Entitycapableofconfirming
TheCSCorCSPcanconfirm.
AdditionalClarification
• ThetermconsumerandCSCareusedsynonymously.• Typically“metering”isdoneonapay-per-useorcharge-per-
usebasis,thoughmeteringmaybeusedfor“showback,”aswellaschargeback.Forexample,inaprivatecloud,meteringmaybeusedtoshoworganizationalleadershipwhichpartsoftheorganizationareconsumingwhatportionofcloudresources.
• Examplesincludetrackingunitsofservicesconsumedandassociatedcosts,andtrackingresourceusagetotheapplicationlevel.
• Resourceusagecanbemonitored,controlled,andreported,providingtransparencyforboththeCSPandCSCoftheutilizedservice.
4 Analysis of Cloud Service Models InSP800-145,cloudservicesarethecomputingcapabilitiesthatareprovidedbytheCSP(thatsupportstheessentialcharacteristicsofcloudcomputing.TheNISTCloudComputingDefinitionprovidesthreepossiblecloudservicescategories(calledservicemodels):SoftwareasaService(SaaS),PlatformasaService(PaaS),andInfrastructureasaService(IaaS).WithrespecttotheNISTCloudComputingReferenceArchitecture(CCRA),cloudservicesaremadeavailableintheServicelayer,whichispartoftheServiceOrchestrationstack.
TheServiceModelsaredepictedintheCCRAas“Lshaped”horizontalandverticalbars,ratherthanasasimple“three-layercake”stack.Thereasonisthat,althoughcloudservicescanbedependentuponeachotherinthestack,itisalsopossiblefortheservicestobeimplementedindependentlyandinteractdirectlywiththeresourceabstractionandcontrollayer.
SaaS,PaaS,andIaaSarebestdistinguishedbytwofactors:thecomputingcapabilitythatisprovisionedandtheprimaryCSCs(enduser,developer/deployer,orIToperations).Theterm“platform”inthePaaScontextreferstoadevelopmentplatformand/ordeploymentplatformforcloud-enabledapplications.Theterm“platform”isbroadlyusedinthecomputingindustry.ItthereforehelpstounderstandthecontextofthetermwithregardtoPlatformasaService.
![Page 12: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/12.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
11
Thissectionsupportsthecategorizationofagivencloudserviceasasoftware,platform,orinfrastructureservice.ThisguidanceforcategorizingcloudservicessupportsRequirement#4oftheU.S.GovernmentCloudComputingTechnologyRoadmapVolumeI(SP500-293,October2014),whichcallsfor“clearandconsistentlycategorizedcloudservices.”
Theprimarydeterminingfactorsforcategorizingacloudserviceare:
1) Thecomputingcapabilitythatisprovisioned(softwareapplication,platformorinfrastructure);and
2) TheprimaryCSCs(enduser,developer/deployer,orIToperations).
4.1 Software as a Service (SaaS) ThecapabilityprovidedtotheCSCistousetheCSP’sapplicationsrunningonacloudinfrastructure.6Theapplicationsareaccessiblefromvariousclientdevicesthrougheitherathinclientinterface,suchasawebbrowser(e.g.,web-basedemail),oraprograminterface.TheCSCdoesnotmanageorcontroltheunderlyingcloudinfrastructureincludingnetwork,servers,operatingsystems,storage,orevenindividualapplicationcapabilities,withthepossibleexceptionoflimiteduser-specificapplicationconfigurationsettings.
PrimaryCriteria 1) Theservicethatisprovisionedisasoftwareapplication,describedascomputerprogramsdesignedtopermittheusertoperformagroupofcoordinatedfunctions,tasks,oractivities.7
AND
2) TheprimaryCSCsareendusersofsoftwareapplications.8
Entitycapableofconfirming
TheCSCwillconfirm.
AdditionalClarification
• Theterm“applications”intheSaaScontextreferstocloud-enabledapplications(e.g.,webormobile)bynatureofsupportingessentialcharacteristic#2–broadnetworkaccess.ThisdiffersfromVM/desktopapplicationsthatmaybeinstalledonavirtualmachine.
• SaaSapplicationsareaccessiblefromvariousclientdevicesthrougheitherathinclientinterface,suchasawebbrowser(e.g.,web-basedemail),orapplicationprogramminginterface(API).9
• SaaSapplicationsmaybeextensiblebywayofanAPI.• AwebapplicationisnotnecessarilyconsideredSaaS,unlessthe
applicationitselfqualifiesasacloudservice.• TheSaaSprovideristypicallyresponsibleforallaspectsof
makingthesoftwareserviceavailable,includingtheavailabilityofanyPaaSandIaaSdependencies.TheNISTReference
6SeedefinitionofCloudInfrastructureonpage5.7http://www.pcmag.com/encyclopedia/term/37919/application-program8ReferenceArchitecture2.2(CloudConsumer);andUSGCloudComputingTechnologyRoadmap2.2.2.19http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
![Page 13: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/13.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
12
ArchitectureforCloudComputingclarifiesthattheSaaSproviderisresponsiblefordeploying,configuring,maintaining,andupdatingtheoperationofthesoftwareapplicationsonacloudinfrastructure.Theterm“provider”referstotheentityresponsibleformakingtheserviceavailableandmaythereforebedifferentthantheSaaSapplicationdeveloper.
• ManymodernSaaSapplicationsareextensible.ExtensibilityalonedoesnotdenotethatasoftwareserviceisPaaS.
Commoncategories • Custom(Forexample,customapplicationsbuiltordeployedusingPaaS)
• Offtheshelf(Forexample,cloud-basedemailapplications)
4.2 Platform as a Service (PaaS) ThecapabilityprovidedtotheCSCistodeployontothecloudinfrastructureCSC-createdoracquiredapplicationscreatedusingprogramminglanguages,libraries,services,andtoolssupportedbytheprovider.*3TheCSCdoesnotmanageorcontroltheunderlyingcloudinfrastructureincludingnetwork,servers,operatingsystems,orstorage,buthascontroloverthedeployedapplicationsandpossiblyconfigurationsettingsfortheapplication-hostingenvironment.*3Thiscapabilitydoesnotnecessarilyprecludetheuseofcompatibleprogramminglanguages,libraries,services,andtoolsfromothersources.
PrimaryCriteria 1. Theservicethatisprovisionedisasoftwaredevelopmentand/ordeploymentplatform,describedasthecapabilityto[developand/or]deployapplications10withoutthecomplexitiesofmanagingunderlyinginfrastructureservices.11
AND
2. TheprimaryCSCsareapplicationdeveloperswhodesignandimplementapplicationsoftware,andapplicationdeployerswhopublishapplicationsintothecloud.12
Entitycapableofconfirming
TheCSCwillconfirm.
AdditionalClarification
• Theterm“platform”inthePaaScontextreferstoadevelopmentand/ordeploymentplatformforcloud-enabledapplications.
10http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf11http://www.networkworld.com/article/2163430/cloud-computing/paas-primer--what-is-platform-as-a-service-and-why-does-it-matter-.html12ReferenceArchitecture2.2(CloudConsumer);andUSGCloudComputingTechnologyRoadmap2.2.2.1(CloudConsumer)
![Page 14: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/14.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
13
• Theterm“applications”inthePaaScontextreferstocloud-enabledapplications(e.g.,webormobile)bynatureofsupportingessentialcharacteristic#2–broadnetworkaccess.ThisdiffersfromVM/desktopapplicationsthatmaybeinstalledonavirtualmachine.
• PaaSisdistinguishedfromanextensibleSaaSorwebapplicationbyitsprimaryCSCs:developersanddeployersversusendusers.
• TheapplicationscanbeCSC-createdoracquired.• Theapplicationscanbecreatedusingprogramminglanguages,
libraries,services,andtoolssupportedbytheprovider.Thisdoesnotnecessarilyprecludetheuseofcompatibleprogramminglanguages,libraries,services,andtoolsfromothersources.13
• APaaSprovidermayberesponsibleformakingtheplatformserviceavailable,includinganyIaaSdependencies.Thesetypicaltermsmaybenegotiatedasasharedresponsibilitymodel.
CommonCategories • Applicationdevelopmentplatforms• Applicationdeploymentplatforms• Integrationplatforms
4.3 Infrastructure as a Service (IaaS) ThecapabilityprovidedtotheCSCtoprovisionprocessing,storage,networks,andotherfundamentalcomputingresourceswheretheCSCcandeployandrunarbitrarysoftware,whichcanincludeoperatingsystemsandapplications.TheCSCdoesnotmanageorcontroltheunderlyingcloudinfrastructurebuthascontroloveroperatingsystems,storage,anddeployedapplications,andpossiblylimitedcontrolofselectnetworkingcomponents(e.g.,hostfirewalls).
PrimaryCriteria 1. Theservicethatisprovisionedisinfrastructure.AND2. TheprimaryCSCsareanITOperationsrolecreating,
installing,monitoring,andmanagingservicesandapplicationsdeployedinanIaaScloud.14
Entitycapableofconfirming
TheCSCwillconfirm.
AdditionalClarification
• Theinfrastructureserviceistypicallysoftware-defined.• InfrastructureasaServiceisdistinctlydifferentfromcloud
infrastructure(seedefinition)andalsodifferentfromtheunderlyingphysicalinfrastructure.
13http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf14ReferenceArchitecture2.2(CloudConsumer);andUSGCloudComputingTechnologyRoadmap2.2.2.1(CloudConsumer)
![Page 15: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/15.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
14
• Theterms“software”and“application”intheIaaScontextreferstoVM/desktopsoftwareandapplications,ratherthanreferringtocloud-enabledSaaSorwebapplications.
• Theinfrastructureservicemayoptionallyincludeapre-installedoperatingsystemandothersupportVM/desktopsoftwareandapplications,suchaswebserver.
• Theterm“arbitrarysoftware”inthiscontextmeansthattheCSCcandeployandrunmanytypesofVM/desktopsoftware.
CommonCategories • Computingresources• Networkresources• Storageresources
5 Analysis of Cloud Deployment Models DefinitionoftheCloudDeploymentModels
InSP800-145,clouddeploymentmodelsdescribehowthecloudisoperatedandwhohasaccesstothecloudserviceresources.ThefourdeploymentmodelsaredefinedinSP800-145asfollows:
Privatecloud.ThecloudinfrastructureisprovisionedforexclusiveusebyasingleorganizationcomprisingmultipleCSCs(e.g.,businessunits).Itmaybeowned,managed,andoperatedbytheorganization,athirdparty,orsomecombinationofthem,anditmayexistonoroffpremises.
Communitycloud.ThecloudinfrastructureisprovisionedforexclusiveusebyaspecificcommunityofCSCsfromorganizationsthathavesharedconcerns(e.g.,mission,securityrequirements,policy,andcomplianceconsiderations).Itmaybeowned,managed,andoperatedbyoneormoreoftheorganizationsinthecommunity,athirdparty,orsomecombinationofthem,anditmayexistonoroffpremises.
Publiccloud.Thecloudinfrastructureisprovisionedforopenusebythegeneralpublic.Itmaybeowned,managed,andoperatedbyabusiness,academic,orgovernmentorganization,orsomecombinationofthem.Itexistsonthepremisesofthecloudprovider.
Hybridcloud.Thecloudinfrastructureisacompositionoftwoormoredistinctcloudinfrastructures(private,community,orpublic)thatremainuniqueentities,butareboundtogetherbystandardizedorproprietarytechnologythatenablesdataandapplicationportability(e.g.,cloudburstingforloadbalancingbetweenclouds).
DetailsoftheCloudDeploymentModels
ThefollowingdetaileddiscussionofclouddeploymentmodelsisfromtheNISTCloudComputingStandardsRoadmap.
PrivateCloud-AprivatecloudgivesasingleCSC’sorganizationtheexclusiveaccesstoandusageofthecloudserviceandrelatedinfrastructureandcomputationalresources.ItmaybemanagedeitherbytheCSCorganizationorbyathirdparty,andmaybehostedontheorganization’spremises(i.e.,on-site
![Page 16: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/16.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
15
privateclouds)oroutsourcedtoahostingcompany(i.e.,outsourcedprivateclouds).Figure1andFigure2presentanon-siteprivatecloudandanoutsourcedprivatecloud,respectively.
Figure 1: On-site Private Cloud
Figure 2: Outsourced Private Cloud
CommunityCloud-AcommunitycloudservesagroupofCSCsthathavesharedconcernssuchasmissionobjectives,security,privacyandcompliancepolicy,ratherthanservingasingleorganization(e.g.,aprivatecloud).Similartoprivateclouds,acommunitycloudmaybemanagedbytheorganizationsorbyathirdparty,andmaybeimplementedontheCSC’spremise(i.e.,on-sitecommunitycloud)oroutsourcedtoahostingcompany(i.e.,outsourcedcommunitycloud).Figure3depictsanon-sitecommunitycloudcomprisedofanumberofparticipantorganizations.ACSCcanaccessthelocalcloudresources,andalsotheresourcesofotherparticipatingorganizationsthroughtheconnectionsbetweentheassociatedorganizations.Figure4showsanoutsourcedcommunitycloud,wheretheserversideisoutsourcedtoahostingcompany.Inthiscase,anoutsourcedcommunitycloudbuildsitsinfrastructureoffpremise,andservesasetoforganizationsthatrequestandconsumecloudservices.
![Page 17: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/17.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
16
Figure 3: On-site Community Cloud
Figure 4: Outsourced Community Cloud
PublicCloud-Apubliccloudisoneinwhichthecloudinfrastructureandcomputingresourcesaremadeavailabletothegeneralpublicoverapublicnetwork.Apubliccloudisownedbyanorganization
![Page 18: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/18.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
17
providingcloudservices,andservesadiversepoolofclients.Figure5presentsasimpleviewofapubliccloudanditscustomers.
Figure 5: Public Cloud
Ahybridcloudisacompositionoftwoormoreclouds(on-siteprivate,on-sitecommunity,off-siteprivate,off-sitecommunityorpublic)thatremainasdistinctentitiesbutareboundtogetherbystandardizedorproprietarytechnologythatenablesdataandapplicationportability.Figure6presentsasimpleviewofahybridcloudthatcouldbebuiltwithasetofcloudsinthefivedeploymentmodelvariants.
Figure 6: Hybrid Cloud
5.1 Private Cloud Computing Service Deployment
PrimaryCriteria Onlyoneorganizationcanusethecloudserviceandtheunderlyingresources.
Entitycapableofconfirming
TheCSPmustconfirm.
![Page 19: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/19.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
18
AdditionalClarification
Organizationinprivatecloudcontext–Inaprivatecloudcontext,themodel,definition,andassociatedriskstoanorganizationremainsintact,asthecloudresourcesareprovisionedforexclusiveusebyasingleorganizationcomprisingmultiplebusinessunits.Inaprivatecloudmodel,theorganizationgetsaffectedinthefollowingways:
• Organization’scloudresourcesmaybeowned,managed,and
operatedbyorganization,athirdpartyoracombination.• Privatecloudmaybeonpremisesoroffpremisesandprovides
muchgreatercontroloverdata,underlyingsystems,andapplications.
• Privatecloudmodelprovidesanorganizationgreatercontroloversecurity,assuranceoverdatalocation,andremovalofmultiplejurisdictionlegalandcompliancerequirements.
Commoncategories on-siteprivatecloudoutsourcedprivatecloud
5.2 Community Cloud Service Deployment
PrimaryCriteria AspecificcommunityofCSCsfromorganizationsthathavesharedconcernshaveexclusiveuseofthecloudserviceandtheunderlyingresources.
Entitycapableofconfirming
ThecommunityofcloudCSCsformingthegroupoforganizationsverifiesthescopeofthegroupoforganizations,whiletheCSPmustconfirmthattheserviceandunderlyinginfrastructureareexclusivetothegroup.
AdditionalClarification
Organizationincommunitycloudcontext-Inacommunitycloudcontext,themodel,definition,andassociatedriskstoanorganizationaresharedbyotherorganizations,asthecloudresourcesareprovisionedforexclusiveusebyaspecificcommunityofCSCsfromorganizationsthathavesharedobjectivesandrequirements.Inacommunitycloudmodel,theorganizationgetsaffectedinthefollowingways:• Organization’scloudresourcesmaybeoperatedbyoneor
moreoftheorganizationsinthecommunityorathirdparty.• Communitycloudsgenerallygetthecostbenefitsofapublic
cloudwhileprovidingheightenedprivacy,security,andregulatorycompliance.
Acloudserviceauditorcanconductindependentassessmentofcloudservicestoconfirmthescopeofthegroupandconfirm
![Page 20: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/20.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
19
thattheserviceandunderlyinginfrastructureareexclusivetothegroup.
Commoncategories on-sitecommunitycloud
outsourcedprivatecloud
5.3 Public Cloud Service Deployment
PrimaryCriteria UnrelatedCSCsusethesharedcloudserviceandtheunderlyingresources.
Entitycapableofconfirming
TheCSCwillconfirmaccesstotheprovidedservices.
AdditionalClarification
WhiletheCSPmaylimitaccesstoaservice,theCSChasnocontroloverthesetofusersaccessingtheservice.
Commoncategories
5.4 Hybrid Cloud Service Deployment
Criteria Atleasttwoormoredistinctcloudinfrastructuresareconnectedtogethertofacilitatehosteddataandapplicationportability.
Entitycapableofconfirming
TheCSPwillconfirm.
AdditionalClarification
Commoncategories
Criteria ThecloudserviceinfrastructureforeachsetofCSCsisvirtuallyseparatedfromtheothersetsofCSCs.
Entitycapableofconfirming
TheCSPwillconfirm.
AdditionalClarification
Commoncategories
Criteria ThecloudserviceinfrastructurehardwareissharedbetweenallsetsofCSCs.
Entitycapableofconfirming
TheCSPwillconfirm.
![Page 21: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/21.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
20
AdditionalClarification
Commoncategories
6 Worksheets
6.1 Cloud Service Worksheet
ThefollowingworksheetmaybeusedalongwithSection3todeterminewhetheraserviceisacloudservice.
On-DemandSelf-Service
CanthecomputingcapabilitybeprovisionedwithouthumaninteractionwiththeCSP?
____YES____NO
IfYes,whatlevel?
____OptionA)Fullyautomatedserviceprovisioning
____OptionB)TheCSCusesanautomatedinterfacetorequestandtracktheservice,buttheCSPmayusemanuallabortoprovisioningtheservice.BroadNetworkAccess
Isthecomputingcapabilityavailablefromawiderangeoflocationsusingstandardprotocols?
____OptionA)AvailableovertheInternetusinginternetprotocols
____OptionB)AvailableoveranetworkthatavailablefromallaccesspointstheCSCrequiresResourcePooling
CantwoormoreCSCsuseasinglecloudservicewheretheresourcesaresharedbasedonamulti-tenantmodel?____YES____NO
![Page 22: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/22.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
21
CantheresourcesbeassignedandreassignedaccordingtoCSCdemand?
____YES___NO
RapidElasticity
Canthecomputingcapabilitiesbe“rapidly”provisionedandreleasedtoscale?____YES____NO
____OptionA)Resourceallocationmodificationisautomatedandnear-real-time(withinfiveminutes).____OptionB)Notfullyautomated,butfastenoughtosupporttherequirementsoftheCSC.
MeasuredService
CloudservicescharacteristicsincludingresourceusagearemeasuredwithenoughdetailtosupporttherequirementsoftheCSC.____YES____NO
____OptionB)Cloudservicesand/orresourceusagearemeasuredwithenoughdetailtosupporttherequirementsoftheCSC.
6.2 Cloud Service Model Worksheet
ThefollowingworksheetmaybeusedalongwithSection4todeterminewhetheraserviceisacloudservice.
IsthecloudserviceSaaS,PaaSorIaaS?
SoftwareasaService(SaaS)
• IsthecloudserviceaSoftwareApplication?____YES____NO
• IstheprimaryCSCan“enduser”oftheapplication?____YES____NO
IstheservicePlatformasaService(PaaS)?
• IsthecloudserviceaSoftwareDevelopmentand/orDeploymentPlatform?____YES____NO
![Page 23: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/23.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
22
• IstheprimaryCSCadeveloperordeployer?____YES____NO
IstheserviceInfrastructureasaService?(IaaS)?
• IsthecloudserviceITInfrastructure?____YES____NO
• IstheprimaryCSCsupportinganITOperationsrole?____YES____NO
6.3 Cloud Deployment Model Worksheet ThefollowingworksheetmaybeusedalongwithSection5todeterminewhetheraserviceisacloudservice.
Isthecloudserviceprivate,community,public,orhybrid?
PrivateDeployment
• Isthecloudserviceinfrastructure,includinghardwareresources,usedonlybyasingleCSC?____YES____NO
CommunityDeployment
• IsthecloudserviceinfrastructureincludinghardwareresourcesusedbyaknownsetofCSCs,butnotavailabletoanyCSC?____YES____NO
PublicDeployment
• IsthecloudserviceinfrastructureavailableforusebyanyCSCs?____YES____NO
7 Example Cloud Service Marketing Terms Cloudservicemarketingtermsareinformaltermsoftencoinedandusedbyindustrybyaddingthesuffix“aaS”afteracomputingcapability(e.g.,EmailasaService).Cloudservicemarketingtermsdonotreplacethethreeservicemodels(SaaS,PaaS,andIaaS),whichserveasthehigh-levelcategorizationofcloudservices,butratherservetoinformallyfacilitatecommunicationrelatingtospecializedservices.AtthistimeNISTdoesnottakeapositionondefininganygivencloudservicetypes.Acloudservicetypemayoptionallybeinformallyusedtosubcategorizethecloudservicesmodels;however,theusageisinconsistentdependingonthesourceoftheterm.Thefollowingisalistofexamplesidentifiedfromvarioussources,includingInternetsearches,solicitations,andmarketingcollaterals.Thisisnotacompletelistofallcloudservicemarketingterms,andthelistisnotvalidatedorfilteredinanyway.
AddressVerificationasaServiceAnythingasaService
EncryptionasaService MobilityBackendasaServiceMonitoringasaService
![Page 24: Evaluation of Cloud Computing Services Based on NIST · PDF fileEvaluation of Cloud Computing Services Based on NIST ... The collection of hardware and software that ... Evaluation](https://reader031.vdocument.in/reader031/viewer/2022030410/5a97c0a87f8b9a8b5d8db8a0/html5/thumbnails/24.jpg)
EvaluationofCloudComputingServicesBasedonNIST800-145
23
APIasaservice(APIaaS)ApplicationDeliveryasaServiceApplicationPlatformasaServiceArchitectureasaServiceAuthenticationasaServiceBackendasaServiceBackupasaServiceBigDataasaServiceBrokerasaServiceBusinessasaServiceBusinessProcessasaServiceCloudLoadBalancersasaServiceCloudSearchasaServiceCollaboration-as-a-ServiceCommerceasaServiceCommunicationasaServiceComputingasaServiceContactCenterasaServiceConversationsasaServiceDataasaserviceDatabaseasaserviceDesktopasaServiceDevelopmentasaServiceDevTestasaServiceDisasterRecoveryasaServiceDrupalasaServiceEmailasaService
EnterpriseResourceManagementasaServiceEthernetasaServiceEverythingasaServiceFirewallasaServiceFrameworkasaServiceGlobalizationasaServiceHadoopasaServiceHardwareasaServiceHighPerformanceComputingasaServiceIdentityasaServiceInfrastructurePaaSInsightasaServiceIntegratedDevelopmentEnvironmentasaServiceIntegrationasaServiceIntegrationPlatformasaServiceIntegrationPlatformasaServiceITasaServiceJavaPlatformasaServiceKnowledgeasaServiceLightasaServiceLogonasaServiceManagementasaServiceMashupsasaServiceMessageQueuingasaServiceMetalasaServiceMobilityasaService
NetworkAccessControlasaServiceNetworkasaServiceOperationsasaServiceOptimizationasaServicePaymentasaServiceQualityasaServiceQueryasaServiceRecoveryasaServiceRemoteBackupasaServiceRiskAssessmentasaServiceRobotasaServiceSecurityasaserviceServiceDeskasaServiceSolutionsasaServiceStorageasaServiceTelepresenceasaServiceTestenvironmentasaServiceTestingasaServiceTransportasaServiceUnifiedCommunicationsasaServiceUserInterfaceasaServiceVideoConferencingasaServiceVideoSurveillanceasaServiceVoiceasaServiceWebsiteasaService
8 Bibliography TheNISTDefinitionofCloudComputing(SP800-145)
NISTCloudComputingStandardsRoadmap(SP500-291)
TheNISTCloudComputingReferenceArchitecture(SP500-292)
USGovernmentCloudComputingTechnologyRoadmapVolumesIandII(SP500-293)
TheNISTCloudComputingSecurityArchitecture(SP500-299)
GAOReport-INFORMATIONTECHNOLOGYREFORMProgressMadebutFutureCloudComputingEffortsShouldbeBetterPlanned-(GAO-12-756)