The US Federal Government defines Cloud Computing (Draft)
Reuven Cohen
So why does it matter what the US federal government thinks of Cloud Computing? Simple, with an IT budget of more then 70 billion dollars a year, the US government represents the largest IT consumer on the planet. With this kind of money at stake, the influence the US government imposes is enormous and directly influences how we as industry both define and use the cloud.
Something I found particularly interesting was that for the first time, the federal government is moving more quickly then the private sector in both their interest and potential adoption of what has been referred to as the federal cloud. Making things even more interesting is the appointment of Patrick Stingley as what I would describe as the federal "Cloud Czar" or more formally the Federal Cloud CTO at the General Services Administration (GSA). GSA being the federal agency that provides goods and services to other federal agencies and will be the point of contact for any federal cloud services either offered directly or procured through various cloud providers. I should also note that Stingley is also the CTO for the Dept. of the Interior. One of Stingley's first tasks is creating a development plan for a federal cloud computing capability.
I've been saying this for awhile, before Cloud Computing can be broadly adopted by various governmental bodies we must have a clear definition of what it is. In yesterdays Federal CIO Cloud Summit a draft definition for federal use of cloud computing was revealed. The purpose of this definition is to act as a kind of basic litmus test for use as the various government agency move forward in selecting cloud related products and services.
The definition was prepared by Peter Mell and Tim Grance at the National Institute of Standards and Technology (NIST). For those unfamiliar with NIST, they are a non-regulatory agency of the United States Department of Commerce with a mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life. Simply put, their definition of cloud computing will be the de facto standard definition that the entire US government will be given.
In creating this definition, NIST consulted extensively with the private sector including a wide range of vendors, consultants and industry pundants including your truly. Below is the draft NIST working definition of Cloud Computing. I should note, this definition is a work in progress and therefore is open to public ratification & comment. The initial feedback was very positive from the federal CIO's who were presented it yesterday in DC.
-------------------------------
Draft NIST Working Definition of Cloud Computing
4-24-09
Peter Mell and Tim Grance - National Institute of Standards and Technology, Information Technology Laboratory
Note 1: Cloud computing is still an evolving paradigm. Its definitions, use cases, underlying technologies, issues, risks, and benefits will be refined in a spirited debate by the public and private sectors. These definitions, attributes, and characteristics will evolve and change over time.
Note 2: The cloud computing industry represents a large ecosystem of many models, vendors, and market niches. This definition attempts to encompass all of the various cloud approaches.
Definition of Cloud Computing:
Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is comprised of five key characteristics, three delivery models, and four deployment models.
Key Characteristics:
On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed without requiring human interaction with each service’s provider.
Ubiquitous network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
Location independent resource pooling. The provider’s computing resources are pooled to serve all consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. The customer generally has no control or knowledge over the exact location of the provided resources. Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.
Rapid elasticity. Capabilities can be rapidly and elastically provisioned to quickly scale up and rapidly released to quickly scale down. To the consumer, the capabilities available for rent often appear to be infinite and can be purchased in any quantity at any time.
Pay per use.
Capabilities are charged using a metered, fee-for-service, or
advertising based billing model to promote optimization of resource
use. Examples are measuring the storage, bandwidth, and computing
resources consumed and charging for the number of active user accounts
per month. Clouds within an organization accrue cost between business
units and may or may not use actual currency.
Note: Cloud software takes full advantage of the cloud paradigm by being service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability.
Delivery Models:
Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations.
Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to rent processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).
Deployment Models:
Private cloud. The cloud infrastructure is owned or leased by a single organization and is operated solely for that organization.
Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
Public cloud. The cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group.
Hybrid cloud.
The cloud infrastructure is a composition of two or more clouds
(internal, community, or public) that remain unique entities but are
bound together by standardized or proprietary technology that enables
data and application portability (e.g., cloud bursting).
Each
deployment model instance has one of two types: internal or external.
Internal clouds reside within an organizations network security
perimeter and external clouds reside outside the same perimeter.
---
Reuven
CCIF Instigator
G. Hussain Chinoy
Greg Pfister
Predictably, the second "US Federal Government Agency" (Defense
Information Systems Agency) has a different cloud definition than the
first agency (NIST) quoted by Reuven.
For a minute there, I thought there was going to be something agreed
to. ( sort of :-) ).
So NIST can go back to defining what time it is and other traditional
measurements. (Their Info Tech Lab says they do Information
Measurement Science.)
Not that Mell & Grance's presentation is at all bad. It's rather good,
actually. But it's right up there with the (probably) 100s of others.
It's a crowded field.
Just wanted to make sure nobody gets *too* excited about this.
Greg Pfister
http://perilsofparallel.blogspot.com/
On May 7, 1:55 pm, "G. Hussain Chinoy" <ghchi...@gmail.com> wrote:
> Some more information on this can be seen here:http://www.scribd.com/doc/13427395/Effectively-and-Securely-Using-the...
>
> http://www.scribd.com/doc/13086920/Federal-Cloud-Computing-IT-Quarter...
> H
>
> On Thu, May 7, 2009 at 12:21 PM, Reuven Cohen <r...@enomaly.com> wrote:
> > I've just spend the last two days in Washington DC in conversations with
> > various US government officials regarding the opportunities for cloud
> > computing within the federal government. During these conversations it has
> > become very clear that the topic of "Cloud Computing" is front and center
> > within the various departmental IT strategies going forward. All the more
> > interesting is that the term is being mandated from the highest levels
> > including the new federal CIO Vivek Kundra who indicated cloud computing was
> > one of the biggest revolutions technology has seen in a long time.
>
> > So why does it matter what the US federal government thinks of Cloud
> > Computing? Simple, with an IT budget of more then 70 billion dollars a year,
> > the US government represents the largest IT consumer on the planet. With
> > this kind of money at stake, the influence the US government imposes is
> > enormous and directly influences how we as industry both define and use the
> > cloud.
>
> > Something I found particularly interesting was that for the first time, the
> > federal government is moving more quickly then the private sector in both
> > their interest and potential adoption of what has been referred to as the
> > federal cloud. Making things even more interesting is the appointment of Patrick
> > the federal agency that provides goods and services to other federal
> > agencies and will be the point of contact for any federal cloud services
> > either offered directly or procured through various cloud providers. I
> > Interior*. One of Stingley's first tasks is creating a development plan
>
> > I've been saying this for awhile, before Cloud Computing can be broadly
> > adopted by various governmental bodies we must have a clear definition of
> > what it is. In yesterdays Federal CIO Cloud Summit a draft definition for
> > federal use of cloud computing was revealed. The purpose of this definition
> > is to act as a kind of basic litmus test for use as the various government
> > agency move forward in selecting cloud related products and services.
>
> > Grance <http://csrc.nist.gov/staff/rolodex/grance_tim.html> at the *National
> > Institute of Standards and Technology* (*NIST*). For those unfamiliar with
> > Commerce with a mission to promote U.S. innovation and industrial
> > competitiveness by advancing measurement science, standards, and technology
> > in ways that enhance economic security and improve quality of life. Simply
> > put, their definition of cloud computing will be the de facto standard
> > definition that the entire US government will be given.
>
> > In creating this definition, NIST consulted extensively with the private
> > sector including a wide range of vendors, consultants and industry pundants
> > including your truly. Below is the draft NIST working definition of Cloud
> > Computing. I should note, this definition is a work in progress and
> > therefore is open to public ratification & comment. The initial feedback was
> > very positive from the federal CIO's who were presented it yesterday in DC.
>
> > -------------------------------
> > 4-24-09
>
> > Peter Mell and Tim Grance - National Institute of Standards and Technology,
> > Information Technology Laboratory
>
> > Note 1: Cloud computing is still an evolving paradigm. Its definitions, use
> > cases, underlying technologies, issues, risks, and benefits will be refined
> > in a spirited debate by the public and private sectors. These definitions,
> > attributes, and characteristics will evolve and change over time.
>
> > Note 2: The cloud computing industry represents a large ecosystem of many
> > models, vendors, and market niches. This definition attempts to encompass
> > all of the various cloud approaches.
> > Cloud computing is a pay-per-use model for enabling available, convenient,
> > on-demand network access to a shared pool of configurable computing
> > resources (e.g., networks, servers, storage, applications, services) that
> > can be rapidly provisioned and released with minimal management effort or
> > service provider interaction. This cloud model promotes availability and is
> > *deployment models*.
> > *Key Characteristics:*
>
> > *On-demand self-service.* A consumer can unilaterally provision
> > without requiring human interaction with each service’s provider.
>
> > heterogeneous thin or thick client platforms (e.g., mobile phones, laptops,
> > and PDAs).
>
> > different physical and virtual resources dynamically assigned and reassigned
> > according to consumer demand. The customer generally has no control or
> > knowledge over the exact location of the provided resources. Examples of
> > resources include storage, processing, memory, network bandwidth, and
> > virtual machines.
>
> > To the consumer, the capabilities available for rent often appear to be
> > infinite and can be purchased in any quantity at any time.
>
> > of resource use. Examples are measuring the storage, bandwidth, and
> > computing resources consumed and charging for the number of active user
> > accounts per month. Clouds within an organization accrue cost between
> > business units and may or may not use actual currency.
>
> > Note: Cloud software takes full advantage of the cloud paradigm by
> > being service oriented with a focus on statelessness, low coupling,
> > modularity, and semantic interoperability.
>
>
> > *Cloud Software as a Service (SaaS).* The capability provided to the
> > infrastructure and accessible from various client devices through a thin
> > client interface such as a Web browser (e.g., web-based email). The consumer
> > does not manage or control the underlying cloud infrastructure, network,
> > servers, operating systems, storage, or even individual application
> > capabilities, with the possible exception of limited user-specific
> > application configuration settings.
>
> > applications using programming languages and tools supported by the provider
> > (e.g., java, python, .Net). The consumer does not manage or control the
> > underlying cloud infrastructure, network, servers, operating systems, or
> > storage, but the consumer has control over the deployed applications and
> > possibly application hosting environment configurations.
>
> > computing resources where the consumer is able to deploy and run arbitrary
> > software, which can include operating systems and applications. The consumer
> > does not manage or control the underlying cloud infrastructure but has
> > control over operating systems, storage, deployed applications, and possibly
> > select networking components (e.g., firewalls, load balancers).
>
>
> > *Private cloud. *The cloud infrastructure is owned or leased by a
>
> > (e.g., mission, security requirements, policy, and compliance
> > considerations).
>
>
> > are bound together by standardized or proprietary technology that enables
> > data and application portability (e.g., cloud bursting).
>
> > Each deployment model instance has one of two types: internal or external.
>
>
> read more »
Sam Johnston
Sam
Geir Magnusson Jr.
geir
Sam Johnston
Six. Six blind men. The othoscopically-challenged trio were mice.
True. Thanks for proving my point :)
Actually I was referring to this drawing but should have known better as I've used the analogy, in detail, before in a presentation.
Sam
Geir Magnusson Jr.
The joke was actually at a higher level, based on " we're never going
to have a coherent definition".
It was the best I could do at this hour...
geir