Partager via


A Supplement to NIST 800-145

This post presented as a supplement to NIST 800-145 defines the term, service, addresses the significance and ramifications of the three cloud computing service delivery models.

What Is IaaS

For IT professionals, infrastructure are servers which collectively provide computing power, networking, and storage capacities for a datacenter. In the context of cloud computing, servers are delivered as virtual machines, VMs. And here I define "service" as the ability to provide capacity on demand. Therefore, Infrastructure as a Service means the ability to deploy on demand an application architecture formed with a set of VMs, such that a target runtime environment can be prepared followed by deploying an intended application. This ability to provision an application architecture upon request is in essence what IaaS means. In the last decade, virtualization has become the baseline for modern datacenter and a virtual machine (VM) is now a preferred format for hosting workloads. Notice that IaaS is nonetheless about deploying VMs. IaaS is about deploying an application architecture which will ultimately host an application for consumption. IaaS is the next step in a post-virtualization era and an essential architectural layer for constructing cloud computing delivery platform evidenced by an increasing number of IaaS-based private cloud solutions in enterprise space.

What Is PaaS

Platform as a Service, i.e. PaaS, is a term many IT pros find a little bit hard to explain since it appears so generalized and inclusive. Platform here is simply an umbrella term of everything needed to form a runtime environment for a target application. In other words, platform is a customized OS including specific DLLs, API, registry hive, folder structure, network share, temp storage, etc. such that target application code can run as designed. For instance, .Net Framework is a runtime environment, i.e. platform, for .Net applications. And PaaS is the ability to provide a runtime environment for a target application on demand.

One significance of PaaS is that since a runtime environment is available on demand, an application hosted by this runtime environment can then be deployed on demand as well. That means an application deployed to PaaS can and will be automatically delivered as SaaS.

Furthermore, if both a testing/staging environment and a production one are both in the same PaaS environment like what are provided in Windows Azure, promoting from staging to production is a guaranteed success since both are with an identical runtime environment. In a traditional and real-world deployment, the efforts and resources putting in place to assure as much as possible a successful code promotion from staging to production are not trivial. While in cloud computing, employing a PaaS environment for both staging and production guarantees a successful code promotion from staging to production. In fact, in Windows Azure promotion from staging to production is to simply validate the IP setting such that an intended public/production IP will point to a promoted application by the so-called VIP Swapping. Employing PaaS for development and production can noticeably shorten go-to-market and dramatically reduce TCO.

What Is SaaS

The ultimate goal of cloud computing is SaaS which is the ability to deploy or consume application on demand. Or to simply put, SaaS is the anytime anywhere availability, readiness, and capacity of a target application. This is nothing trivial in practical IT considering the scopes, resources, and efforts involved in deploying and maintaining a production application, not to mention in cloud computing all are to be carried out upon request and in a repeatable and predictable fashion for any number of users within the scope of SLA. SaaS is the ultimate level of service delivery to authorized users from IT.

Service Model Hierarchy

Examining IaaS, PaaS, and SaaS, a logical conclusion is a hierarchy where SaaS depends on PaaS, while PaaS depends on IaaS. After all, an application (or software) is to run in a runtime environment (or platform) which is basically a customized OS on a hosting application architecture. The dependency hierarchy among SaaS, PaaS, and IaaS reflects how an application is deployed. This is logical and correct.

This progression from IaaS to PaaS, then SaaS is however a sufficient and not necessary condition. Essentially IaaS is sufficient and nevertheless not necessary for constructing PaaS. While PaaS is sufficient and not necessary for delivering SaaS. Still IaaS, PaaS, and SaaS presents a logical approach and a strategic roadmap with best practices for IT to transition into cloud computing in phases with convergence which will later translate into decreasing TCO and increasing ROI as learned form many case studies.

Service Is Capacity On-Demand

The term, on-demand, should not be taken lightly. On-demand denotes the accessibility, readiness, and capacity of an examined object. Something on demand means that something needs to be always accessible and ready. On demand in the context of cloud computing is applicable to all authorized users. There is a capacity significance here. And not just being able to scale out and up, but when demands diminishes resource capacities can be scaled in and down accordingly. This is so-called elastic. In cloud computing, all consumable resources, i.e. infrastructure, platform, and application are delivered as services, i.e. all available on demand and elastic. IaaS means infrastructure are to be provisioned on demand. PaaS denotes a runtime environment is available on demand. While SaaS indicates a target application is available on demand. In a layman's term, in each delivery model an intended object is always accessible, ready for consumption, and scalable. Anything delivered short of a service is not cloud computing.

On-Demand Denotes Accessibility, Readiness, and Capacities

This is not to be considered as a marketing term. In cloud computing, on-demand is a requirement for user experience and denotes the anytime anywhere accessibility, readiness, and capacities of a requested resource from an authorized user. Considering the five essential characteristics of cloud computing, accessibility has much to do with self-service and ubiquitous access. Readiness is about resource work-flow management, allocations, and monitoring and addressed in resource pooling, elasticity, and analytics. While capacity management is relevant to all five characteristics combined.

Putting the on-demand requirement on an application, it is the concept of a service depicting what a user experience cloud computing must provide. IaaS, PaaS, and SaaS are vivid examples. Needless to say, if it cannot be available on demand, it is not delivered as a service, hence not cloud computing.

The Age of Instant Gratification

As network connectivity, mobile devices, and social media become pervasive, we are now always connected, surrounded with applications and data, and driven by speculations and emotions that are just a touch or a mouse-click away. And the user expectation has raised to a level that anything less than an instant gratification becomes unacceptable. Although this expectation may not be always practical, it is however a reality. IT needs to revamp how to carry out businesses facing these unprecedented challenges and at the same time astounding opportunities to redefine IT’s role in a cloud computing business model which is still emerging.

A traditional infrastructure-centric and device-driven approach are no longer applicable facing a consumer-driven economics fueled by social media, led by current events and speculations, and overwhelmed with unpredictable data patterns. Changes in IT are inevitable. Cloud computing fundamentally is to do just that by reorienting how IT views the world. It is no longer about controlling devices. It is about enabling customers to consume requested services anytime, anywhere, on any network. NIST SP 800-145 lists out the five essential characteristics, outlines what experiences IT must provide, and redirects IT to approach from a user’s experience rather than an infrastructure-centric or device-control viewpoint.

Closing Thoughts

To cloud or not to cloud is not the question. The age of instance gratification is an ultimatum to traditional IT and a demand for modern datacenter where resources are self-served and consumed as a service. For those who are still hesitating, the question is how long one can maintain status quo and how costly IT will become before realizing cloud computing is not really an option but a survival for IT.