Cloud computing
is the on-demand delivery of compute power, database storage, applications, and
other IT resources through a cloud services platform via the internet with
pay-as-you-go pricing.
The best way to start is to compare it to traditional IT computing. On-premises,
on our own networks, we would at some point have a capital investment in
hardware. So think of things like having a server room constructed, getting
racks and then populating those racks with equipment: things like telecom
equipment, routers, switches, servers, storage arrays, and so on. Then, we have
to account for powering that equipment. We then have to think about HVAC
(heating, ventilation and air conditioning) to make sure that we've got optimal
environmental conditions to maximize the lifetime of our equipment. Then
there's licensing. We have to license our software. We have to install it,
configure it and maintain it over time, including updates. So with traditional
IT computing, certainly there is quite a large need for an IT staff to take
care of all of our on-premises IT systems.
But with cloud
computing, at least with public cloud
computing, we are talking about hosted IT services. Things like servers and
related storage, and databases, and web apps can all be run on provider
equipment that we don't have to purchase or maintain. So in other words, we
only pay for the services that are used.
Another part of the cloud is self-provisioning, where, on demand, we can
provision, for example, additional virtual machines or storage. We can even
scale back, and that way we're saving money because we're only paying for what
we are using. With cloud computing, all of these self-provisioned services need
to be available over a network. In the case of public clouds, that network is
the Internet.
But something to
watch out for is vendor lock-in.
When we start looking at cloud computing providers, we want to make sure that
we've got a provider that won't lock us into a proprietary file format for
instance. If we're creating documents using some kind of cloud-based software,
we want to make sure that data is
portable and that we can move it back
on-premises or even to another
provider should that need arise.
Then there is responsibility. This is split between the cloud provider and the
cloud consumer or subscriber, otherwise called a tenant. So the degree of
responsibility really depends on the
specific cloud service that we're talking about. But bear in mind that there is
more responsibility with cloud computing services when we have more control. So
if we need to be able to control underlying virtual machines, that's fine, but
then it's up to us to manage those virtual machines and to make sure that
they're updated.
The hardware is the provider's responsibility: things like power, the physical
data center facilities in which equipment is housed, and servers. The software,
depending on what we're talking about, could be split
between the provider's responsibility and the subscriber's responsibility. For
example, the provider might make a cloud-based email app available, but the
subscriber configures it and adds user accounts, and determines things like how
data is stored related to that mail service. Users and groups would be the subscriber's responsibility when it
comes to identity and access management.
Working with data, for example determining whether that data is encrypted when
stored in the cloud, would be the subscriber's responsibility. Things like data
center security would be the provider's responsibility, whereas, as we've
mentioned, data security would be the subscriber's responsibility when it comes
to things like data encryption.
The network connection, however, is
the subscriber's responsibility, and it's always a good idea with cloud
computing, at least with public cloud computing, to make sure you've got not
one, but at least two network paths to that cloud provider.
Amazon Web Services (https://aws.amazon.com/free/) manages its own data center facilities and is
responsible for the security of them, as well as physical hardware security
like locked server racks. They're responsible for the configuration of the
network infrastructure, as well as the virtualization infrastructure that will
host virtual machines.
The subscriber
would be responsible for things like AMIs. An AMI, or A-M-I, is an Amazon Machine Image, essentially a
blueprint from which we create virtual machine instances. We get to choose that
AMI when we build a new virtual machine. We, as a subscriber, would also be
responsible for applications that we run in virtual machines, the configuration
of those virtual machines, setting up credentials to authenticate to the
virtual machines, and also dealing with data at rest and in transit and our
data stores.
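
Subscriber-side responsibilities such as encryption of data at rest and firewall configuration can be checked from inventory data. The following Python is an added example, not code from the original article or from AWS; it runs over constructed sample data shaped like the EC2 DescribeVolumes and DescribeSecurityGroups responses, and the function names and the choice of ports 22 and 3389 as administrative ports are assumptions.

```python
import ipaddress

# Constructed sample data shaped like EC2 DescribeVolumes and
# DescribeSecurityGroups responses; every identifier here is made up.
SAMPLE_VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0aaa", "Encrypted": True},
    {"VolumeId": "vol-0bbb", "Encrypted": False}]}
SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0all", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}
ADMIN_PORTS = (22, 3389)  # SSH, RDP: an assumed policy, not from the article


def unencrypted_volumes(volumes):
    """Data at rest: IDs of volumes whose Encrypted flag is not set."""
    return [v["VolumeId"] for v in volumes.get("Volumes", [])
            if not v.get("Encrypted", False)]


def is_any_source(cidr):
    """True for 0.0.0.0/0 or ::/0, meaning any address may connect."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_admin_rules(groups):
    """Firewall configuration: (group, port) pairs reachable from anywhere."""
    findings = []
    for sg in groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if proto not in ("tcp", "-1") or not any(map(is_any_source, cidrs)):
                continue
            # Protocol "-1" means all traffic, so every port is covered.
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
            findings += [(sg["GroupId"], p) for p in ADMIN_PORTS if lo <= p <= hi]
    return findings


if __name__ == "__main__":
    print("unencrypted volumes:", unencrypted_volumes(SAMPLE_VOLUMES))
    print("admin ports open to any source:", exposed_admin_rules(SAMPLE_GROUPS))
```
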
We can see what is managed by AWS customers: data, applications, depending on
what we're configuring, the operating system running in a virtual machine,
firewall configurations, and encryption. However, what's managed by Amazon Web
Services are the underlying foundation services, the compute servers, the
hypervisor servers that we run virtual machines on.
The cloud also has a number of characteristics. Just because you're running
virtual machines, for instance, doesn't mean that you have a cloud computing
environment.
A cloud is
defined by resource pooling. So,
we've got all this IT infrastructure pooled together that can be allocated as
needed. Rapid elasticity means that
we can quickly provision or de-provision resources as we need. And that's done
through an on-demand self-provisioned portal, usually web-based. Broad network access means that we've got connectivity
available to our cloud services. It's always available. And measured service means that it's metered, much like a utility, in that we only pay for those
resources that we've actually used. So, now we've talked about some of the
basic characteristics of the cloud and defined what cloud computing is.