Cloud Computing Deployment Models

Cloud service models describe the management options for cloud computing services, while cloud deployment models discuss the way in which services are hosted. Although other deployment models such as hybrid cloud and community cloud have also been developed, the two major types of deployment model are public and private cloud (Mell & Grance, 2011).

2.5.1 Public cloud

A public cloud is a cloud computing infrastructure offered by service providers and made available to any organisation or individual, mainly offered over the internet (Balasubramanian & Aramudhan, 2012). These resources are controlled and managed by the service provider located off-site as far as the user is concerned (Carroll et al., 2011). A public cloud offer services at a low cost, with service on demand and high scalability (Carroll et al., 2011).

However, there are several concerns associated with public cloud. Data location represents one of the main issues in the public cloud, as data is stored beyond the enterprise firewall. In addition, to provide high availability and business continuity, the CSP stores data in multiple sites, possibly in different countries, while many countries have established regulations on some types of data or industries that cannot store data outside the country. For instance, the Saudi Arabia Monetary Agency (SAMA) sets rules for the insurance sectors, rule 17 of which emphasises that the company must keep customer’s personal data within the company boundary inside the country (SAMA, 2008). In addition, storing data in locations within different jurisdictions could cause problems for cloud consumers (Cheng & Lai, 2012), and raises questions about which state has jurisdiction over the stored data (Subashini & Kavitha, 2011). Moreover, it is

argued that the risk of breach data and unauthorized access concerns many enterprises considering moving to public cloud (Nandgaonkar & Raut, 2014). Public clouds use a multi-tenant approach which could lead to data breaches. In terms of sensitive data, enterprises can use IaaS or PaaS, which offer some control over data and application.

CSPs promise high availability, however the availability on public cloud could be affected by numerous factors. The availability of cloud services depends on the high speed of internet connectivity (Nandgaonkar & Raut, 2014) as well as the internet bandwidth (Carroll et al., 2011; Cloud Industry Forum, 2015). In addition, cloud services could be unavailable due to resources failure (Keahey et al., 2012). One cause of resource failure is limited hardware capacity (Chuob et al., 2011; Chao et al., 2014), especially with local cloud service providers. Another cause of unavailability of the service is external attacks, such as denial of service attacks (DoS) (Cloud Security Alliance, 2011).

Use of a public cloud is regarded as suitable for small and medium enterprises who have limited resources to manage IT resources and are not handling sensitive data (Erek et al., 2014). In addition, a public cloud could be used by large organisations to process or store non-sensitive data (Srinivasan, 2014) or for temporary tasks, as with the New York Times, which used Amazon EC2 to archive 4TB of data in 36 hours (Street & Chen, 2010; Marston et al., 2011).

2.5.2 Private cloud

A private cloud is a cloud computing infrastructure provided to one organisation; it can exist on or off premises and it may managed by a third party or the organisation itself (Mell & Grance, 2011; Rajan & Jairath, 2011; Goyal, 2014). The major advantage of a private cloud over the traditional in-house system is that the private cloud has a better

utilisation of resources (Missbach et al., 2013) and provides elasticity, which enables resources to be made available as required. A private cloud has advantages over a public cloud in terms of security and control over resources (Mell & Grance, 2011; Rajan & Jairath, 2011; Goyal, 2014). However, unlike with public cloud, the private cloud may require substantial capital as well as operational expenditure (Carroll et al., 2011).

It has been claimed that adopting a private cloud inherently cedes some of the advantages of cloud computing (Srinivasan, 2014), especially the economic and organisational benefits discussed in section 2.7. However, private clouds still have the NIST five characteristics of cloud computing discussed in 2.2.Srinivasan (2014) identified four types of private cloud: a private cloud hosted and managed by the enterprise itself; a private cloud hosted within the enterprise but managed by a third party; a private cloud and infrastructure hosted and managed by a CSP whereby the servers are not shared; and a virtual private cloud, which is similar to the hosted private cloud, but the infrastructure is provided in a shared environment. Table 2-3 shows the differences between the types of private cloud from the four dimensions of location, management, security and scalability.

Type Location Management Security Scalability

Classic private cloud

On-site Cloud infrastructure managed by enterprise

Provides a high level of security because all resources are managed by enterprise itself Limited to enterprise IT infrastructure Managed private cloud

On-site Cloud infrastructure managed by third party

Provides a high level of security because all resources located on-site, but some security and privacy issues similar to traditional outsourcing Limited to enterprise IT infrastructure Hosted private cloud

Off-site Cloud infrastructure managed by CSP

Privacy issues when data stored off-site

High scalability Virtual

private cloud

Off-site Cloud infrastructure

managed by CSP Privacy issues when data stored off-site in a multi- tenant environment

Virtual high scalability Table 2-3: The differences between private cloud types

2.5.3 Hybrid cloud

A hybrid cloud is combination of two or more types of cloud (public, private and community) (Mell & Grance, 2011; Goyal, 2014). The hybrid cloud combines the advantages of cost effectiveness and high scalability of a public cloud with the security advantages of private clouds (Goyal, 2014). There are different scenarios in which the hybrid cloud be used; organisations can benefit from hybrid cloud by keeping critical applications in its own private cloud while moving non-critical applications to a public cloud (Leavitt, 2013). In addition, large enterprise may use hybrid clouds for testing new applications. Hybrid clouds can also be used to manage workload when high demand is predicted, moving work between their private cloud and the public cloud (Leavitt, 2013; Srinivasan, 2014). In this scenario, enterprises need to ensure mobility between the private and public cloud. In this context, mobility has been defined as “the ability to move a live computer workload from one host to another without losing client connections or in-flight state” (Dowell et al., 2011, p. 259).

However, because hybrid cloud integrates different types of cloud, this may lead to security risks (Sturrus & Kulikova, 2014), including security issues concerning how to manage different platforms together (Balasubramanian & Aramudhan, 2012). In addition, portability and interoperability are considered to be major issues in hybrid clouds. Srinivasan, (2014) suggested that enterprises should use IaaS in hybrid cloud to keep the control over infrastructure, to ensure portability between the private and public cloud and to obtain the freedom to move applications between the two different types of cloud.

2.5.4 Community cloud

A community cloud is a cloud computing infrastructure offered to several organisations that have similar interests and requirements (Dillon et al., 2010; Mell & Grance, 2011; Goyal, 2014). A community cloud is suitable for enterprises working in the same sector, such as education and healthcare, which have common regulations and similar requirements and applications (Sangavarapu et al., 2014; Srinivasan, 2014). A community cloud combines the advantages of public clouds in terms of sharing resources between members and the security of a private cloud where the members of the community can focus on their core issue. Community clouds can be managed and controlled by one of these organisations, some of them or a third party (Carroll et al., 2011). This type of cloud provides cloud based services with low cost and provides security and privacy for these organisations (Goyal, 2014). Thus, community cloud may be a good choice for government agencies such as hospitals and universities.

A community cloud can be offered in two models: federated and brokered cloud (Srinivasan, 2014). Federated cloud refers to a network of an aggregated cloud infrastructures are owned by different organisations, which are interconnected and use open standards to provide a shared computing environment (Kertesz et al., 2013; Toosi et al., 2014).

In a community cloud, a federated cloud means that there are private clouds for each member of the community, and they share the resources. Thus, hybrid cloud should ensure the portability and interoperability between clouds. On the other hand, in a broker community cloud, members of community cloud trust cloud service providers to provide IT services to their members.