
Cloud Computing

Cloud service providers

  • Microsoft Azure
  • Amazon Web Services
  • Google Cloud Platform
  • Digital Ocean
  • IBM Cloud
  • Rackspace
  • Verizon cloud

Cloud computing comparison

  • Client server model
  • Grid computing
  • Fog computing
  • Mainframe computer
  • Utility computing
  • Peer-to-peer
  • Green computing
  • Cloud sandbox

NIST - Definition

The National Institute of Standards and Technology (NIST) definition of cloud computing identifies "five essential characteristics":

  • On-demand self-service
  • Broad network access
  • Resource pooling
  • Rapid elasticity
  • Measured service

Service models

Model | Examples
--- | ---
Infrastructure as a service (IaaS) | Virtual machines, servers, storage, load balancers, networks
Platform as a service (PaaS) | Execution runtime, database, web server, development tools
Software as a service (SaaS) | CRM, Email, Virtual desktop, communication, games

Hybrid cloud definition - Gartner

Gartner defines a hybrid cloud service as a cloud computing service that is composed of some combination of private, public and community cloud services.

It allows one to extend either the capacity or the capability of a cloud service, by aggregation, integration or customization with another cloud service.

Cloud Computing – Architecture

Cloud architecture is the software systems involved in the delivery of cloud computing using multiple cloud components.

Cloud engineering is the application of engineering disciplines to cloud computing.

Security and privacy in cloud

Cloud computing poses privacy concerns such as:

  • The service provider can access the data that is in the cloud.
  • The provider can accidentally or deliberately alter or even delete information.
  • The provider can share information with third parties for the purposes of law enforcement, even without a warrant.

Countermeasures

  • Check agreements on permissions and policies.
  • Encrypt data.

Advantages Of Cloud Computing

Here's a list of some of the main benefits cloud computing has to offer:

  • Economical: Building our own servers and tools takes time, and ordering, paying for, installing and configuring expensive hardware long before it is needed is costly. With cloud computing, we pay only for the computing resources we use and for the time we use them. In this way, cloud computing stays economical.

  • Reliability: A cloud computing platform offers a better managed, more consistent and more efficient service than an internal IT infrastructure. Furthermore, service is assured 24/7, 365 days a year. If one of the servers goes down, the hosted applications and services can easily be transferred to any of the available servers.

  • Unlimited Storage: Cloud computing offers almost unlimited storage capacity which means that there is no need to worry about running out of storage space or increasing the capacity of the existing storage space. We have access to as little or as much as needed.

  • Backup and restore: It is comparatively simpler to save data in the cloud, back it up, and restore than to save it on a physical computer. There is also ample technology for cloud service providers to recover our data, so it can be accessible at any time.

  • Easy access to information: Once you have registered in the cloud, you can access your account from anywhere in the world, as long as an internet connection is available. There are several storage and security facilities, which vary depending on the type of account chosen.

Disadvantages Of Cloud Computing

While Cloud Computing offers a great array of benefits, it also has drawbacks that often raise questions about its effectiveness.

Security concerns. The biggest issue with cloud computing is stability. Cloud service providers introduce the best security norms and industry certifications, but storing important data and files on third-party service providers can pose a certain degree of risk.

The most scalable and stable cloud network built is the AWS cloud infrastructure. It provides a scalable and extremely reliable platform that enables customers to rapidly and securely deploy applications and data.

Technical problems. Because cloud service providers render services to a number of customers on a daily basis, the system can sometimes experience serious problems resulting in a temporary suspension of business processes. Moreover, if there is no internet connection, there will be no access to the applications, servers or data in the cloud.

Uncertainties in changing service providers. Cloud service providers promise customers that the cloud will be flexible to use and integrate. However, switching cloud services can be difficult. It could be difficult for most organisations to host and implement existing cloud systems on another platform. Certain difficulties can be experienced in interoperability and support, such as applications developed on the Linux platform that may not work properly on Microsoft Development Framework (.Net).

Benefits of AWS security

  • Protect your data: The AWS infrastructure does a great job at helping you protect your privacy. All data is stored in highly secured AWS data centers.

  • Meeting compliance requirements: AWS manages dozens of compliance programs in its infrastructure, which implies that parts of your compliance process have already been completed.

  • Save money: You can reduce costs by using AWS data centers and also maintain the highest level of security without having to manage your own installation.

  • Scale quickly: The security system adapts to your AWS Cloud usage. Regardless of the size of your business, the AWS infrastructure is designed to protect your data.

Compliance

AWS Cloud Compliance helps you understand the robust controls used at AWS to maintain data security and ultimately protect your data in the cloud. Since the systems are built on the AWS Cloud infrastructure, compliance responsibilities are shared. By combining governance-focused, audit-friendly service functions with applicable compliance or auditing standards, AWS Compliance Enablers leverage other traditional programs. This helps customers set up and operate in an AWS security auditing environment.

The IT infrastructure that AWS offers its clients is built and controlled in compliance with the best security practices and a variety of IT security requirements. Here is a partial list of assurance programs that AWS complies with:

  • SOC 1 / ISAE 3402, SOC 2, SOC 3
  • FISMA, DIACAP and FedRAMP
  • PCI DSS level 1
  • ISO 9001, ISO 27001, ISO 27017, ISO 27018

The pillars of the AWS Well-Architected Framework

Pillar Name | Description
--- | ---
Operational Excellence | The ability to support development and run workloads effectively, gain insight into their operations, and to continuously improve supporting processes and procedures to deliver business value.
Security | The security pillar encompasses the ability to protect data, systems, and assets to take advantage of cloud technologies to improve your security
Reliability | The reliability pillar encompasses the ability of a workload to perform its intended function correctly and consistently when it’s expected to. This includes the ability to operate and test the workload through its total lifecycle. This paper provides in-depth, best practice guidance for implementing reliable workloads on AWS.
Performance Efficiency | The ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.
Cost Optimization | The ability to run systems to deliver business value at the lowest price point

Private versus public clouds

A private cloud is a service dedicated to a single customer; it is like your on-premise data center, which is accessible to one large enterprise. A private cloud is a fancy name for a data center managed by a trusted third party. This concept gained momentum to ensure security as, initially, enterprises were skeptical about public cloud security, which is multi-tenant. However, having your own infrastructure in this manner diminishes the value of the cloud as you have to pay for resources even if you are not running them.

Let’s use an analogy to understand the difference between private and public clouds further. The gig economy has great momentum. Everywhere you look, people are finding employment as contract workers. One of the reasons contract work is getting more popular is because it enables consumers to contract services that they may otherwise not be able to afford. Could you imagine how expensive it would be to have a private chauffeur? But with Uber or Lyft, you almost have a private chauffeur who can be at your beck and call within a few minutes of you summoning them.

A similar economy of scale happens with a public cloud. You can have access to infrastructure and services that would cost millions of dollars if you bought them on your own. Instead, you can access the same resources for a small fraction of the cost.

In general, private clouds are expensive to run and maintain in comparison to public clouds. For that reason, many of the resources and services offered by the major cloud providers are hosted in a shared tenancy model. In addition to that, you can run your workloads and applications on a public cloud securely: you can use security best practices and sleep well at night knowing that you use AWS’s state-of-the-art technologies to secure your sensitive data.

Additionally, most major cloud providers’ clients use public cloud configurations. That said, there are a few exceptions even in this case. For example, the United States government intelligence agencies are a big AWS customer. As you can imagine, they have deep pockets and are not afraid to spend. In many cases with these government agencies, AWS will set up the AWS infrastructure and dedicate it to the government workload. For example, AWS launched a Top Secret Region, AWS Top Secret-West, which is accredited to operate workloads at the Top-Secret U.S. security classification level. The other AWS GovCloud regions are:

  • GovCloud (US-West) Region: launched in 2011, Availability Zones: 3

  • GovCloud (US-East) Region: launched in 2018, Availability Zones: 3

AWS GovCloud (US) is a set of AWS Regions that have been purposely isolated to enable U.S. government entities and clients to transfer sensitive workloads to AWS. This platform caters to particular regulatory and compliance standards such as Department of Defense Security Requirements Guide (DoD SRG) Impact Levels 4 and 5, Federal Risk and Authorization Management Program (FedRAMP) High, and Criminal Justice Information Services (CJIS), among others.

Public cloud providers such as AWS provide you choices to adhere to compliance needs as required by government or industry regulations. For example, AWS offers Amazon EC2 dedicated instances, which are EC2 instances that ensure that you will be the only user for a given physical server. Further, AWS offers AWS Outposts, where you can order server racks and host workloads on-premise using the AWS control plane.

Dedicated instance and Outposts costs are significantly higher than on-demand EC2 instances. On-demand instances are multi-tenant, which means the physical server is not dedicated to you and may be shared with other AWS users. However, just because the physical servers are multi-tenant doesn’t mean that anyone else can access your server, as those will be dedicated virtual EC2 instances accessible to you only.

As we will discuss later in this chapter, you will never know the difference when using EC2 instances if they are hosted on a dedicated physical server compared to a multi-tenant server because of virtualization and hypervisor technology. One common use case for choosing dedicated instances is government regulations and compliance policies that require certain sensitive data to not be in the same physical server with other cloud users.
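
The dedicated-hardware and GovCloud requirements described above can be checked from instance metadata. The following is an added example, not code from the original page or from AWS: it audits output shaped like `aws ec2 describe-instances` and flags regulated instances that run on shared tenancy or outside a GovCloud region. The `DataClassification` tag, its `regulated` value and the sample instances are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output, reduced to
# the fields this check reads. Instance IDs and tags are made up.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa1111",
   "Placement": {"Tenancy": "default", "AvailabilityZone": "us-east-1a"},
   "Tags": [{"Key": "DataClassification", "Value": "regulated"}]},
  {"InstanceId": "i-0bbb2222",
   "Placement": {"Tenancy": "dedicated", "AvailabilityZone": "us-gov-west-1a"},
   "Tags": [{"Key": "DataClassification", "Value": "regulated"}]},
  {"InstanceId": "i-0ccc3333",
   "Placement": {"Tenancy": "default", "AvailabilityZone": "us-east-1b"}},
  {"InstanceId": "i-0ddd4444",
   "Placement": {"Tenancy": "host", "AvailabilityZone": "us-east-1c"},
   "Tags": [{"Key": "DataClassification", "Value": "regulated"}]}
]}]}
""")

# Assumption: workloads that must not share a physical server carry this tag.
TAG_KEY, TAG_VALUE = "DataClassification", "regulated"
# EC2 reports tenancy as "default" (shared), "dedicated" or "host".
SINGLE_TENANT = {"dedicated", "host"}
GOVCLOUD_PREFIX = "us-gov-"  # us-gov-west-1 and us-gov-east-1


def audit(describe_output, require_govcloud=False):
    """Return (instance_id, reason) pairs for regulated instances out of policy."""
    findings = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(TAG_KEY) != TAG_VALUE:
                continue  # not in scope for the dedicated-hardware rule
            placement = inst.get("Placement", {})
            # Fail closed: a missing tenancy field is treated as shared hardware.
            tenancy = placement.get("Tenancy", "default")
            if tenancy not in SINGLE_TENANT:
                findings.append((inst["InstanceId"], f"shared tenancy ({tenancy})"))
            zone = placement.get("AvailabilityZone", "")
            if require_govcloud and not zone.startswith(GOVCLOUD_PREFIX):
                findings.append((inst["InstanceId"], f"outside GovCloud ({zone or 'unknown'})"))
    return findings


if __name__ == "__main__":
    for instance_id, reason in audit(SAMPLE, require_govcloud=True):
        print(instance_id, reason)
```

Untagged instances are skipped by design, so the check is only as good as the tagging discipline behind it.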

Now that we have gained a better understanding of cloud computing in general, let’s get more granular and learn about how AWS does cloud computing.