Cloud computing

In most cases, cloud service providers (CSPs) and cloud service customers (CSCs) negotiate service level agreements (SLAs) which include service level objectives (SLOs) and service qualitative objectives (SQOs) for which CSPs make commitments.. The commitments described in SLAs must be measured against actual performance of the service to ensure compliance with the SLA. How actual performance compares against commitments in SLAs, is explained in ISO/IEC 19086-2:2018[2] Metric model.  Cloud SLAs are covered in ISO/IEC 19086-1:2016[1] Service level agreement (SLA) framework Part 1:  Overview and concepts and in ISO/IEC 19086-4:2019[3] Security and privacy.
ISO/IEC 19086-2 Metric model establishes common terminology, defines a model for specifying metrics for cloud SLAs, and includes applications of the model with examples.  This document provides a primer on using the metrics model in 19086-2 to compose the calculation of a cloud service performance measure in order to compare against an SLA commitment. A few examples from the SLOs listed in ISO/IEC 19086-1 (Clause 10) are given in the document, such as Cloud Service Response Time Mean and Cloud Service Availability. As specific, measurable characteristics of a cloud service, SLOs are the basis for defining the metrics used to evaluate and compare agreements between parties.
In the second half of the document, a basic dissection of these examples is provided using a practical method based on a tabular format. This  format allows for a consistent usage of the model across practitioners such as:
- Extracting metric material from an SLA narrative and representing this content separately and unambiguously.
- Designing and representing a new metric definition.
Along with demonstrating this method on previous examples, some best practices are collected and reported.  These best practices also provide practical guidance on how to extend or complement the model when necessary, which is allowed by the 19086-2 Metric model standard but beyond its scope and non-normative.
The scope of this technical report is to describe a practical method for using ISO/IEC 19086-2 Metric Model.
 
Under development

The adoption of cloud computing into the US Government (USG) and its implementation depend upon a variety of technical and non-technical factors. A fundamental reference point, based on the NIST definition of Cloud Computing, is needed to describe an overall framework that can be used government- wide. This document presents the NIST Cloud Computing Reference Architecture (RA) and Taxonomy (Tax) that will accurately communicate the components and offerings of cloud computing. The guiding principles used to create the RA were 1) develop a vendor-neutral architecture that is consistent with the NIST definition and 2) develop a solution that does not stifle innovation by defining a prescribed technical solution. This solution will create a level playing field for industry to discuss and compare their cloud offerings with the US Government (USG). The resulting reference architecture and taxonomy for cloud computing was developed as an Actor/Role based model that lays out the central elements of cloud computing for Federal CIOs, Procurement Officials and IT Program Managers. The cloudscape is open and diversified and the accompanying taxonomy provides a means to describe it in an unambiguous manner. The RA is presented in two parts: a complete overview of the actors and their roles and the necessary architectural components for managing and providing cloud services such as service deployment, service orchestration, cloud service management, security and privacy. The Taxonomy is presented in its own section and appendices are dedicated to terms and definitions and examples of cloud services.
The Overview of the Reference Architecture describes five major actors with their roles & responsibilities using the newly developed Cloud Computing Taxonomy. The five major participating actors are the Cloud Consumer, Cloud Provider, Cloud Broker, Cloud Auditor and Cloud Carrier. These core individuals have key roles in the realm of cloud computing. For example, a Cloud Consumer is an individual or organization that acquires and uses cloud products and services. The purveyor of products and services is the Cloud Provider. Because of the possible service offerings (Software, Platform or Infrastructure) allowed for by the cloud provider, there will be a shift in the level of responsibilities for some aspects of the scope of control, security and configuration. The Cloud Broker acts as the intermediate between consumer and provider and will help consumers through the complexity of cloud service offerings and may also create value-added cloud services as well. The Cloud Auditor provides a valuable inherent function for the government by conducting the independent performance and security monitoring of cloud services. The Cloud Carrier is the organization who has the responsibility of transferring the data akin to the power distributor for the electric grid.
The Architectural Components of the Reference Architecture describes the important aspects of service deployment and service orchestration. The overall service management of the cloud is acknowledged as an important element in the scheme of the architecture. Business Support mechanisms are in place to recognize customer management issues like contracts, accounting and pricing and are vital to cloud computing. A discussion on Provisioning and Configuration points out the requirements for cloud systems to be available as needed, metered and have proper SLA management in place. Portability and Interoperability issues for data, systems and services are crucial factors facing consumers in adopting the cloud are also undertaken here. Consumers need confidence in moving their data and services across multiple cloud environments.
As a major architectural component of the cloud, Security and Privacy concerns need to be addressed and there needs to be a level of confidence and trust in order to create an atmosphere of acceptance in the cloud‟s ability to provide a trustworthy and reliable system. Security responsibilities, security consideration for different cloud service models and deployment models are also discussed.

Cloud computing can and does mean different things to different people. The common characteristics most interpretations share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and displacement of data and services from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress.
The purpose of this document is to provide an overview of public cloud computing and the security and privacy challenges involved. The document discusses the threats, technology risks, and safeguards for public cloud environments, and provides the insight needed to make informed information technology decisions on their treatment. The document does not prescribe or recommend any specific cloud computing service, service arrangement, service agreement, service provider, or deployment model. Each organization must perform its own analysis of its needs, and assess, select, engage, and oversee the public cloud services that can best fulfill those needs.

Cloud computing is an evolving paradigm. The NIST definition characterizes important aspects of cloud computing and is intended to serve as a means for broad comparisons of cloud services and deployment strategies, and to provide a baseline for discussion from what is cloud computing to how to best use cloud computing. The service and deployment models defined form a simple taxonomy that is not intended to prescribe or constrain any particular method of deployment, service delivery, or business operation.

Cloud computing allows computer users to conveniently rent access to fully featured applications, to software development and deployment environments, and to computing infrastructure assets such as network-accessible data storage and processing. This document reprises the NIST-established definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the relative opportunities and risks of cloud computing. Cloud computing has been the subject of a great deal of commentary. Attempts to describe cloud computing in general terms, however, have been problematic because cloud computing is not a single kind of system, but instead spans a spectrum of underlying technologies, configuration possibilities, service models, and deployment models. This document describes cloud systems and discusses their strengths and weaknesses. Depending on an organization's requirements, different technologies and configurations are appropriate. To understand which part of the spectrum of cloud systems is most appropriate for a given need, an organization should consider how clouds can be deployed (deployment models), what kinds of services can be provided to customers (service models), the economic opportunities and risks of using cloud services (economic considerations), the technical characteristics of cloud services such as performance and reliability (operational characteristics), typical terms of service (service level agreements), and the security opportunities and risks (security).

The NIST Cloud Computing Standards Roadmap Working Group has surveyed the existing standards landscape for interoperability, performance, portability, security, and accessibility standards/models/studies/use cases/conformity assessment programs, etc., relevant to cloud computing. Where possible, new and emerging standardization work has also been tracked and surveyed. Using this available information, current standards, standards gaps, and standardization priorities are identified within this document.

The NIST Definition of Cloud Computing identified cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. As an extension to the above NIST cloud computing definition, a NIST cloud computing reference architecture has been developed by the NIST Cloud Computing Reference Architecture and Taxonomy Working Group that depicts a generic high-level computing. It contains a set of views and descriptions that are the basis for discussing the characteristics, uses, and standards for cloud computing, and relates to a companion cloud computing taxonomy (http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505). Cloud computing use cases describe the consumer requirements when using cloud computing service offerings. Through its working groups as described below, the NIST Cloud Computing program has studied a range of U.S. federal government and general-purpose use cases to extract features that are amenable to standardization. Using these examples, the current document analyzes how existing cloud-related standards fit the needs of federal cloud consumers and identifies standardization gaps. Cloud computing standards are already available in support of many of the functions and requirements. While many of these standards were developed in support of pre-cloud computing technologies, such as those designed for web services and the Internet, they also support the functions and requirements of cloud computing. Other standards have been developed or are now being developed to support specific cloud computing functions and requirements, such as virtualization, infrastructure management, service level agreements (SLAs), audits and cloud- specific data handling. Wherever possible, applicable standards are identified in this document.

To assess the state of standardization in support of cloud computing, the NIST Cloud Computing Standards Roadmap Working Group has compiled an Inventory of Standards Relevant to Cloud Computing  (http://collaborate.nist.gov/twiki-cloud-computing/bin/view/CloudComputing/StandardsInventory). This inventory is being maintained and updated as necessary. Using the taxonomy developed by the NIST Cloud Computing Reference Architecture and Taxonomy Working Group, cloud computing relevant standards have been mapped to the requirements of accessibility, interoperability, performance, portability, and security.

ISO/IEC 19086-1:2016 seeks to establish a set of common cloud SLA building blocks (concepts, terms, definitions, contexts) that can be used to create cloud Service Level Agreements (SLAs).

This document specifies

a) an overview of cloud SLAs,

b) identification of the relationship between the cloud service agreement and the cloud SLA,

c) concepts that can be used to build cloud SLAs, and

d) terms commonly used in cloud SLAs.

This document establishes common terminology, defines a model for specifying metrics for cloud SLAs, and includes applications of the model with examples. This document establishes a common terminology and approach for specifying metrics.

This document is for the benefit of and use for both cloud service providers (CSPs) and cloud service customers (CSCs). This document is intended to complement ISO/IEC 19086-1, ISO/IEC 19086-3 and ISO/IEC 19086-4.

This document does not mandate the use of a specific set of metrics for cloud SLAs.

ISO/IEC 19086-3:2017 specifies the core conformance requirements for service level agreements (SLAs) for cloud services based on ISO/IEC 19086‑1 and guidance on the core conformance requirements. This document is for the benefit of and use by both cloud service providers and cloud service customers.

ISO/IEC 19086-3:2017 does not provide a standard structure that would be used for cloud SLAs.

ISO/IEC 19941:2017 specifies cloud computing interoperability and portability types, the relationship and interactions between these two cross-cutting aspects of cloud computing and common terminology and concepts used to discuss interoperability and portability, particularly relating to cloud services.

ISO/IEC 19941:2017 is related to other standards, namely, ISO/IEC 17788, ISO/IEC 17789, ISO/IEC 19086‑1, ISO/IEC 19944, and in particular, references the cross-cutting aspects and components identified in ISO/IEC 17788 and ISO/IEC 17789 respectively.

The goal of this document is to ensure that all parties involved in cloud computing, particularly CSCs, CSPs and cloud service partners (CSNs) acting as cloud service developers, have a common understanding of interoperability and portability for their specific needs. This common understanding helps to achieve interoperability and portability in cloud computing by establishing common terminology and concepts.

The Cloud Key Management Working Group aims to facilitate the standards for seamless integration between CSPs and key broker services. Standardization will take place across key management lifecycle operations and a common set of APIs, enabling consistent implementation of enterprise key policies. Customer-centric in principle, the goal will be for data stored or traversing the cloud and requiring encryption the corresponding encryption keys will be protected and their lifecycle managed by the customer. The purpose of the Cloud Key Management Working Group is to align cloud key management interoperability standards across service providers, maintain and develop API and key interoperability specifications, develop business model templates and specifications for standardized key interoperability, promote the adoption of key management standards and key brokering interoperability, and provide well documented guidelines and a standard approach to vendors to ensure seamless interoperability and compliance to those guidelines/standards.

ISO/IEC 18384-3:2016 defines a formal ontology for service-oriented architecture (SOA), an architectural style that supports service orientation. The terms defined in this ontology are key terms from the vocabulary in ISO/IEC 18384-1.