HOW TO CONTACT THE PUBLISHER
If you believe you've found a mistake in this book, please bring it to our attention. At John Wiley & Sons, we understand how important it is to provide our customers with accurate content, but even with our best efforts, an error may occur.
To submit your possible errata, please email it to our Customer Service Team at wileysupport@wiley.com with the subject line “Possible Book Errata Submission.”
DOMAIN 1 Cloud Concepts, Architecture, and Design
FOUNDATIONAL TO THE UNDERSTANDING and use of the cloud and cloud computing is the information found in Domain 1. This information is fundamental for all other topics in cloud computing. A set of common definitions, architectural standards, and design patterns will put everyone on the same level when discussing these ideas and using the cloud effectively and efficiently.
UNDERSTAND CLOUD COMPUTING CONCEPTS
The first task is to define common concepts. In the following sections, we will provide common definitions for cloud computing terms and will discuss the various participants in the cloud computing ecosystem. We will also discuss the characteristics of cloud computing, answering the question “What is cloud computing?” We will also examine the technologies that make cloud computing possible.
Cloud Computing Definitions
The basic concepts of cloud computing, service models, and deployment models form the foundation of cloud computing practice. It is essential to understand each of them.
In NIST SP 800-145, cloud computing is defined as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources … that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Cloud computing is more than distributed computing or parallel computing even when done over a network (local area network or Internet). It is a philosophy that creates access to computing resources in a simple, self-driven way. If an individual has to call up the vendor and negotiate a contract for a fixed service, it is probably not cloud computing. Similarly, a company may negotiate rates and services in a cloud environment. But, the provisioning of services must not require ongoing involvement by the vendor.
Cloud computing requires a network in order to provide broad access to infrastructure, development tools, and software solutions. It requires some form of self-service to allow users to reserve and access these resources at times and in ways that are convenient to the user.
The provisioning of resources needs to be automated so that human involvement is limited. Any user should be able to access their account and procure additional resources or reduce current resource levels by themselves.
An example is Dropbox, a cloud-based file storage system. An individual creates an account, chooses the level of service they want or need, and provides payment information, and then the service and storage are immediately available. A company might negotiate contract rates more favorable than are available to the average consumer. But, once the contract is in place, the employees access this resource in much the same way as an individual user of this service.
There are three service models: software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). These models determine the type of user the cloud service is designed for: end users, developers, or system administrators.
The different service models also dictate the level of control over software applications, operating systems, networking, and other components. The least control for the end user exists in the SaaS model, with only basic configuration controls available, if any. The most control for the end user is the IaaS model where operating system selection and configuration, patching, and software tools and applications are under the control of the end user.
When the service is provided to a company, the distinction can be less clear. While a PaaS may be intended for use by developers, there may be some administration of the service by the company as well. In fact, the lines often blur when a corporation enters into a business relationship with a cloud provider but does much of the provisioning and administrative work in house.
For example, Office 365 can be considered a SaaS solution, and to the individual consumer there is little or no administrative overhead. But, if a company contracts for Office 365, they may in fact administer the system, overseeing account provisioning, system monitoring, and other tasks that would be the domain of developers and administrators.
There are four deployment models: public, private, community, and hybrid clouds. These define who owns and controls the underlying infrastructure of a cloud service and who can access a specific cloud service.
A public cloud deployment makes resources available for anyone who chooses to create an account and purchase access to the service. A service like Dropbox is available to the public as a SaaS deployment. Accounts on various cloud service providers such as Amazon Web Services (AWS), Google, and IBM Cloud are also public deployments of services.
A private cloud deployment consists of a set of cloud resources for a single organization (business, non-profit, etc.). The cloud may be located on-premise in the organization’s data center or may be in a single tenant cloud environment provided by a CSP. The services (SaaS, PaaS, or IaaS) are available solely to that organization. You get many of the advantages of a cloud such as the on-demand resources and minimal management effort. However, the company still owns the infrastructure. This can provide the benefits of cloud computing for files and data that are too sensitive to put on a public cloud.
A community cloud is most similar to a public cloud. It is a cloud deployment for a related group of companies or individuals such as a consortium of universities or a group of local or state governments. The cloud may be implemented in one of the organizations, with services provided to all members. Or, it can be implemented in an infrastructure like AWS or Google. However, access to the cloud resources is available only to the members of the group.
A hybrid cloud is any combination of these. A company may have a private cloud that accesses public cloud resources for some of its functions. The hybrid cloud allows the organization of cloud resources in whatever way makes the most sense to the organization. Private individuals are not usually involved in a hybrid cloud. This is because few individuals have their own private cloud or belong to a community cloud as individuals.
These concepts will be discussed further in the “Cloud Deployment Models” section later in this chapter.
There are a number of roles in cloud computing, and understanding each role allows clearer understanding of each of the cloud service models, deployment models, security responsibilities, and other aspects of cloud computing.
The cloud service customer (CSC) is the company or person purchasing the cloud service, or in the case of an internal customer, the employee using the cloud service. For example, a SaaS CSC would be any individual or organization that subscribes to a cloud-based email service. A PaaS CSC would be an individual or organization subscribing to a PaaS resource. A PaaS resource could be a development platform. With an IaaS solution, the customer is a system administrator who needs infrastructure to support their enterprise. In a very real sense, the customer is the individual the particular service model was created to support.