Cloud Service Models. Seminar Cloud Computing and Web Services. Eeva Savolainen

(1)

Cloud Service Models

Seminar – Cloud Computing and Web Services

Eeva Savolainen

Helsinki 10.2.1012

UNIVERSITY OF HELSINKI Department of Computer Science

(2)

1 Introduction

Cloud computing enables a new business model that supports on-demand, pay-for-use, and scalable IT services over the Internet [HuH10]. Cloud service models can be classified into three classes, according to the abstraction level of the capabilities and resources provided and the service model of providers [BBG11].

This paper concentrates to three most commonly known cloud service models, Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).

First section briefly describes main concepts of cloud computing and service models.

Following chapters define each service model more detailed level including comparison of different cloud service providers, case studies and specific challenges of each model.

1.1 Cloud Computing

Term cloud computing can be used many ways. Some consider it to be a pool of virtualized computer resources and others say it is the dynamic development and deployment of software fragments [ABS10].

In this paper National Institute of Standards (NIST) definition of cloud computing is used as a framework. By this definition cloud computing is “a model for enabling convenient, on demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction”.

The NIST definition includes cloud architectures, service models and deployment models. Five essential elements of cloud computing are also mentioned:

On-demand self-service. A consumer can reserve needed computing resources, such as network storage, CPU time, software, and so forth automatically without requiring human interactions with providers of these resources.

Broad network access. These computing resources are delivered over the network (e.g.

Internet) and can be used by various client applications with different platforms (such as laptops and mobile phones)

Resource pooling. A cloud service provider’s computing resources are pooled together

(4)

to serve multiple consumers using either the multi-tenancy or the virtualization model.

Different physical and virtual resources are dynamically assigned and reassigned according to consumer demand. The result of a recource pooling is that physical computing resources become invisible to consumers, who in general do not have control or knowledge about the location, formation, and originalities of these resources (CPU, database, network bandwidth, etc.). For example, consumers are not able to tell exact location where their data will to be stored in the Cloud.

Rapid elasticity. A consumer can quickly scale up computing resources whenever needed and release them once they are ready to scale down. For consumers, computing resources become immediate rather than persistent.

Measured Service. The usage of computing resources usage can be monitored, controlled, and reported. The cloud service provider controls and optimizes the use of computing resources through automated resource allocation, load balancing and metering tools. This provides transparency for both the provider and consumer about the utilized service.

1.2 Cloud Service Models

Cloud computing services can be divided into three classes, according to the abstraction level of the capabilities and resources provided and the service model of providers:

Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) [BBG11].

Figure 1 defines the layered structure of the cloud stack from physical infrastructure to applications. These service model levels can also be viewed as a layered architecture where services of a higher layer can be composed from services of the underlying layer.

(5)

Figure 1: Cloud service models [BBG11].

First layer IaaS is built on top of virtualized compute, storage, and network resources.

Second layer PaaS provides cloud development environments, which are built on top of infrastructure services to offer application development and deployment capabilities.

Top level SaaS is build at the user application level providing applications and application programming interfaces (APIs).

2 Sofware as a Service (SaaS)

The most known and the leading service model of more widespread adoption of cloud computing has been the SaaS [HuH10].

2.1 Overview

In SaaS model a software provider licenses a software application to be used and purchased on demand. Applications can be accessed through networks from various clients (web browser, mobile phone, etc.) by application users. The application requires no client installation, just a browser or other client device and network connectivity [GrM11].

There are many reasons why SaaS model has become more popular and widely used.

Consumers have more access to computers and to the Internet. At the same time

(6)

network speeds continue to improve minimizing application response times. Small and medium-sized businesses are willing to purchase software as a service applications like enterprise resource planning (ERP) or customer relationship management (CRM) that previously were available only in traditional delivery models and focused only to the largest corporations. Mainframes and traditional software licenses have become a target for cost reduction including along with the cost to maintain space for them, as well as the salaries of the in-house staff to maintain and operate them [HuH10].

2.2 Sofware as a Service providers

SaaS offerings can be classified by the software and the pricing model. Table 1 gives an overview of some SaaS providers.

Provider Software Pricing model

Salesforce.com CRM Pay per use

Google Gmail Email Free

Process Maker Live Business process management

Pay per use

XDrive Storage Subscription

SmugMug Data sharing Subscription

OpSource Billing Subscription

Appian Anywhere Business process management

Pay per use

Box.net Storage Pay per use

MuxCLoud Data processing Pay per use Table 1: SaaS providers.

The most common pricing model is pay per use, which a customer pays a static price for units they use. Another pricing model is subscription, which a customer subscribes to use a preselected combination of service units for a fixed price and a longer time frame, monthly or yearly.

2.3 Case Study

San Francisco's Golden Gate University was one of the early adopters of SaaS technologies when they moved to a large cloud-based infrastructure several years ago.

(7)

In 2001 the university realized that their IT infrastructure was behind the technology curve with aging legacy systems, no IT architecture, static web sites, and very poor integration. It was also calculated that 90 percent of the IT spend was going into maintenance of existing infrastructure and supporting daily operations.

The management team created a turnaround plan to deliver a new business strategy, create a new customer experience and reduce costs throughout the enterprise. One part of this turnaround plan was to start an e-business transformation, which required a complete change of information technology capabilities. The goal was to provide 24/7 access to all information, transactions and learning via a web browser.

During 2002 – 2008 the university replaced almost every business and learning application from on-premise solutions with SaaS solutions. The application portfolio that moved into the cloud contained e-learning, ERP (enterprise resource planning) systems, data warehouses, CRM (customer relationship management), fundraising and alumni management, student and faculty, email, and collaboration including wikis, blogs, and web conferencing.

Transformation took a long time but as a result the university was able to reach significant cost reductions. IT budgets were reduced by 25 percent as salaries that were focused on maintaining previous infrastructure and applications were no longer needed.

The IT function was able to concentrate new responsibilities in by providing integration, information management and vendor management [HuH10].

2.4 Challenges

Like any new technology, SaaS model suffers some of limitations. One of the major challenges with SaaS applications is integration [BBG11]. SaaS applications typically provide services for one business area like enterprise resource planning (ERP). As a result companies are facing serious problems with accurate data, forecasting and automated business processes where real time data and functionality sharing is needed.

Some SaaS providers have responded to the integration challenge by developing application programming interfaces (APIs). Unfortunately, accessing and managing data via an API requires coding and maintenance due to API modifications and updates.

Application programming interfaces have also some limitations. For example, the SalesForce.com web services API does not support transactions against multiple

(8)

records, which means integration code has to handle that logic [BBG11].

Another challenge is related to a data locality. In a SaaS consumers use the applications to process their business data. The problem is that the customer does not know where the data is getting stored. Due to compliance and data privacy laws in various countries, locality of data is very important in part of the enterprise architecture. For example, in many EU and South America countries, certain types of data cannot leave the country because of sensitive information [SuK10].

3 PaaS

The difference between SaaS and PaaS is that SaaS only hosts completed cloud applications where PaaS offers a development platform for both completed and in- progress cloud applications [GrM11].

The platform services segment of the cloud market is still in its early phases [GrM11].

Currently PaaS is mainly used for developing and deploying situational applications to enable the rapid development cycles especially to cope with the scenarios with limited timeframe to bring the solutions to the market.

3.1 Overview

PaaS offers an environment where developers can create and deploy applications and do not necessarily need to know how much memory or how many processors their application will be using. In addition multiple programming models and specialized services (data access, authentication, etc) can be offered as a building block to new applications [GrM11]. PaaS model provides developers a service that can be used to a complete software development lifecycle management, from planning to design to building applications to deployment to testing to maintenance [SuK10].

PaaS clouds provider higher-level abstractions for cloud applications, which simplifies the application development process and removes the need to manage the underlying software and hardware infrastructure. PaaS offers automatic scalability, load balancing and failure tolerance [GrM11].

(9)

3.2 Platform as a Service Providers

PaaS offerings can be classified by the availability of features that influence the application development. The most relevant features are programming models, programming languages, frameworks and persistence options [BBG11].

Table 2 shows feature comparison between six different PaaS providers.

Provider Target to

Use

Programming language, Frameworks

Programming Models

Persistence options

Aneka .NET

enterprise applications, Web

applications

.NET Threads, Task,

MapReduce

Flat files, RDBMS

AppEngine Web

applications

Python, Java Request-based Web programming

BigTable Force.com Enterprise

applications

Apex Workflow,

Request-based Web programming, Excel-like formula language

Own object database

Azure Enterprise applications, Web

applications

.NET Unrestricted Table/BLOB/queue

storage, SQL Services

Heroku Web

applications

Ruby on Rails Request-based Web programing

PostgreSQL, Amazon RDS

Amazon Elastic MapReduce

Data processing

Hive and Pirg, Cascading, Java, Ruby, Perl, Python, PHP, C++

MapReduce Amazon S3

Table 2: Feature comparison of PaaS providers [BBG11].

Programming models aims to solve a particular problem in the cloud computing domain. The most common activities that require specialized models are: processing of large dataset in clusters of computers (MapReduce model), development of request- based Web services and applications, definition and orchestration of business processes (Workflow model) and high-performance distributed execution of various computational tasks. PaaS providers usually support multiple programming languages.

Most commonly used languages in platforms include Python, Java, .NET languages and Ruby. Some providers have created own programming language. Force.com has devised its own programming language Apex and an Excel-like query language.

(10)

A persistence layer is used to allow applications to store user data and record their state and recover it in case of crashes. Traditionally relational databases are used to provide reliable data storage and transaction processing. In the cloud computing domain robust and highly scalable distributed storage technologies have emerged. For example Amazon SimpleDB and Google AppEngine datastore offer automatically indexed database services.

3.3 Case Study

Google AppEngine is a development platform and a runtime environment for web applications that will be run on top of Google’s server infrastructure. App Engine includes following features: dynamic web serving, persistent storage, automatic scaling and load balancing, local development environment (sandbox), task queue and scheduled tasks. Applications can be developed with Java and Python [GOO12].

Google provides a free limited service and utilizes daily and per minute quotas to meter and price applications requiring professional service.

Google AppEngine also has some limitations. Existing applications cannot be placed on the platform. Only services written completely with Java or Python are supported. App Engine does not contain any support to publish services created by other service providers and it doesn’t provide discovery and selection services. After creating and hosting their services, clients have to publish their services to discovery services external to App Engine [BBG11].

3.4 Challenges

Cloud data stores provide scalability and high availability properties for web applications but do not support complex queries such as joins. Developers must therefore design their programs according to the peculiarities of NoSQL data stores rather than established software engineering practice.

In PaaS model the provider gives some control to the developers to build applications on top of the platform. But any security below the application level such as host and network intrusion prevention will still be in the scope of the provider [SuK10]. The provider needs to verify that the data remains inaccessible between applications.

PaaS model offers developers a service that provides a complete software development

(11)

lifecycle management. Everything else is abstracted away from the eyes of the developers. The disadvantage of PaaS is that this abstraction can be helpful for a hacker to leverage the PaaS cloud infrastructure for malware command [SuK10].

4 Iaas

The infrastructure layer focuses on enabling technologies [ABS10]. IaaS model changes the way developers deploy their applications. Instead of spending time with their own data centers or managed hosting companies, they can just select one of the IaaS provider, get a virtual server running in few minutes and pay only for the resources they use [SuK10].

From a technology viewpoint the IaaS type of cloud offerings have been the most successful [GrM11].

4.1 Overview

In the IaaS model cloud consumers directly use infrastructure components (storage, firewalls, networks, and other computing resources) provided by the cloud provider.

Virtualization is widely used in order to provide physical resources in an ad-hoc manner to meet current resource demand of cloud consumers [GrM11].

Basic idea of a virtualization is that the resources of one physical computer can be partioned into logical resources and rearranged into multiple virtual machines [HuH10].

For example, operating systems can be set up to run as multiple, virtualized images and to run simultaneously in order to maximize efficiency. Networks can be virtualized so that available bandwidth can be partitioned into separate channels, thereby reducing network complexity and improving the ability to manage the overall network. Storage virtualization allows pooling of many storage resources so that all available storage is assigned and managed centrally.

Figure 2 shows an example of a hardware virtualized server hosting three virtual machines, each one running different operating system and user level software.

(12)

Figure 2: Virtualization [BBG11].

Virtualization results in a significant increase in resource utilization.

4.2 Infrastruture as a Service Providers

Infrastructure as a Service providers offer virtual servers containing one or more CPUs, running several choices of operating systems and a customized software stack. In addition, storage space and communication facilities can be often provided.

IaaS offerings can be classified by the availability of features that influence the cost benefit ratio to be experienced by user applications when moved to the cloud. The most relevant features are geographic distribution of data centers, variety of user interfaces and APIs to access the system, instance hardware capacity, choice of virtualization platform and operating systems and different billing methods [BBG11].

Table 3 shows feature comparison between six different IaaS providers.

(13)

Table 3: Feature comparison of IaaS providers [BBG11].

To be able to improve availability and responsiveness, an IaaS provider builds several data centers distributed around the world. For example Amazon Web Services calls these data centers of availability zones and regions. Currently Amazon is having availability zones in US and in Europe.

Different types of user interfaces provide different levels of abstraction, the most common being graphical user interfaces (GUI), command-line tools (CLI), and Web service (WS) APIs [BBG11]. Usually IaaS providers offer multiple user interfaces.

4.3 Case Study

Amazon Web Services (AWS) is one of the major players in the cloud computing market. It was one of the first IaaS providers. AWS contains a number of individual services: S3 (storage), EC2 (virtual servers), Cloudfront (content delivery), Cloudfront Streaming (video streaming), SimpleDB (structured datastore), RDS (Relational

Provider Geographic

distribution of data centers

User interfaces and APIs

Hardware capacity Guest

operating systems

Smallest billing unit Amazon

E2C

US Europe

CLI, WS, Portal

CPU: 1_20 EC2 compute

units

Memory: 1.7-15 GB Storage: 160-1690 GB, 1 GB – 1 TB (per ESB units)

Linux Windows

Hour

Flexiscale UK Web console CPU: 1-4

Memory: 0.5-16 GB Storage: 20-270 GB

Linux, Windows

Hour

GoGrid REST, Java,

PHP, Python, Ruby

CPU: 1-6

Memory: 0.5-8 GB Storage: 30-480 GB

Linux, Windows

Hour

Joyent US CPU: 1/16-8

Memory: 0.25-32.5 GB

Storage: 5-100GB

OpenSolaris Month

RackSpace US Portal,

REST, Python, PHP, Java, .NET

CPU: Quad-core Memory: 0.25-16 GB Storage: 10-620 GB

Linux Hour

(14)

Database), SQS (reliable messaging), and Elastic MapReduce (data processing) [AMA12].

Silicon Valley Education Foundation selected Amazon Web Services as an IaaS provider when they decided to migrate Lessonopoly.org tool, designed for teachers to manage their lesson plans online, to the cloud. Originally tool was installed to a single server, which is a great risk since a hardware failure could result in system unavailability until repairs were made. Instead of reducing risk via virtualization and additional hardware the organization ended up to try cloud implementation [HuH10].

It only took one day to migrate to the cloud and to have Lessonopoly up and running.

The move from physical environment to the cloud reduced monthly maintenance costs one-third of the previous costs [HuH10].

4.4 Challenges

Out of the box IaaS usually only provides basic security (perimeter firewall, load balancing, etc.) and applications moving into the cloud will need higher levels of security provided at the host [SuK10].

Security responsibilities of both the provider and the consumer differ between different service providers. Amazon’s Elastic Compute Cloud (EC2) includes vendor responsibility for security up to the hypervisor, meaning they can only address security controls such as physical security, environmental security, and virtualization security.

The consumer is responsible for the security controls that relate to the IT system including the OS, applications and data [SuK10].

IaaS solution provided by Amazon also has some limitations. One major problem with Amazon Web Services is its low level of abstraction. When using virtual server solution (EC2), clients have to create a virtual machine, install software into it, upload the virtual machine to EC2, and then use a command line tool to start it [BBG11]. Amazon has a set of pre-built virtual machines but it still falls on the clients to ensure that their own software is installed and then configured correctly.

(15)

5 Conclusion

Cloud computing enables a new business model that supports on-demand, pay-for-use, and scalable IT services over the Internet. Clouds provide services at different levels:

Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

In SaaS model a software provider licenses a software application to be used and purchased on demand. Applications can be accessed through networks from various clients (web browser, mobile phone, etc.) by application users. The application requires no client installation, just a browser or other client device and network connectivity PaaS model provides developers a service that can be used to a complete software development lifecycle management, from planning to design to building applications to deployment to testing to maintenance.

IaaS focuses on enabling technologies. In the Cloud consumers directly use infrastructure components (storage, firewalls, networks, and other computing resources) provided by the cloud provider. Virtualization is widely used in order to provide physical resources to meet current resource demand of cloud consumers.

As shown in case studies, cloud service models can provide great benefits and cost savings. Companies can focus on the business instead of spending time and money to maintain own infrastructure. Cloud recourses can be scaled up and down to match current business needs.

Each service model also has some challenges. One of the major challenges with SaaS applications is integration. SaaS applications typically provide services for one business area. As a result companies are facing serious problems with accurate data, forecasting and automated business processes where real time data and functionality sharing is needed. Out of the box IaaS usually only provides basic security (perimeter firewall, load balancing, etc.) while applications moving into the cloud will need higher levels of security provided at the host. PaaS data stores provide scalability and high availability properties for web applications but do not support complex queries such as joins.

(16)

References

ABS10 Anandasivam A., Blau B., Stosser, J., and Weinhardt C., Business Models in the Service World, IT Professional, September/October 2010.

AMA12 Amazon Web Services, http://aws.amazon.com/. [9.2.2012].

BBG11 Broberg J., Buyya, R., and Goscinski A., Cloud Computing: Principles and Paradigms, Wiley Press, USA, 2011.

DCC10 Dillon T., Chen W., and Chang, E., Cloud Computing: Issues and Challenges, Proc 24th IEEE International Conference on Advanced Information Networking and Applications (AINA), Perth, Australia, April 2010.

GOO12 Google AppEngine, http://code.google.com/intl/fi-FI/appengine/.

[10.2.2012].

GrM11 Grance T., and Mell P., NIST definition of cloud computing, National Institute of Standards and Technology, January 2011.

HuH10 Hugos, M., and Hulitzky, D., Business in the cloud: what every business needs to know about cloud computing, Wiley, 2010.

SuK10 Subashini S., and Kavitha V., A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, July 2010.

Cloud Service Models. Seminar Cloud Computing and Web Services. Eeva Savolainen