Er.

Rohit Handa
Lecturer, CSE-IT Department 1
IBM-ICE Program, BUEST Baddi
Topics: Cloud Computing Services & Deployment Models, IaaS, PaaS, SaaS, Private
Cloud, Public Cloud, Community Cloud, Hybrid Cloud

Topic-1(A): Cloud Computing Services & Deployment Models

Service models: This consists of the particular types of services that you can access on a
cloud computing platform. They describe the type of service that the service provider is
offering. Services in cloud computing is the concept of being able to use reusable, fine-
grained components across a vendors network. This is widely known as as a service.
Offerings with as a service as a suffix include traits like the following:
- Low barriers to entry, making them available to small businesses
- Large scalability
- Multitenancy, which allows resources to be shared by many users
- Device independence, which allows users to access the systems on different
hardware

Deployment models: This refers

to the location and management
of the cloud's infrastructure. In
the deployment model, different
cloud types are an expression of
the manner in which
infrastructure is deployed.

A cloud can be represented as the

boundary between where a
client's network, management,
and responsibilities ends and the
cloud service provider's begins. As cloud computing has developed, different vendors offer
clouds that have different services associated with them. The portfolio of services offered
adds another set of definitions called the service model.

There are many different service models all of which take the following form:
XaaS, or <Something> as a Service
Three service types have been universally accepted under SPI Model:
- Software as s Service(SaaS)
- Platform as a Service(PaaS)
- Infrastructure as a Service(IaaS)

Software as a Service
- SaaS is a complete operating environment with applications, management, and the
user interface.
- In the SaaS model, the application is provided to the client through a thin client
interface (a browser, usually), and the customer's responsibility begins and ends
with entering and managing its data and user interaction.
- Everything from the application down to the infrastructure is the vendor's
responsibility.
- Software as a Service (SaaS) is the model in which an application is hosted as a
service to customers who access it via the Internet. When the software is hosted off-
 Er. Rohit Handa
Lecturer, CSE-IT Department 2
IBM-ICE Program, BUEST Baddi
site, the customer doesnt have to maintain it or support it. On the other hand, it is
out of the customers hands when the hosting service decides to change it.
- The idea is that you use the software out of the box as is and do not need to make a
lot of changes or require integration to other systems.
- The provider does all the patching and upgrades as well as keeping the
infrastructure running.
- Cloud provider manages and controls the underlying
o Cloud infrastructure -including storage, network, operating systems
o Application platform
o Even individual application capabilities, with the possible exception of limited
user-specific application configuration settings.
- Costs can be sort of a double-edged sword. On the one hand, costs for accessing the
software can be an ongoing thing. Rather than pay for it once and be done with it,
the more you use it, the more youll be billed. On the other hand, in some cases you
dont have to pay as much up front and you are only billed based on your use of the
application.
- All users have the same version of the software so each users software is compatible
with others. Supports multiple users and provides a shared data model through a
single-instance multi-tenancy model.
- Software that performs a simple task without much need to interact with other
systems makes them ideal candidates for SaaS. Customers who are not inclined to
perform software development but have need of high-powered applications can also
benefit from SaaS.
- Some of these applications
include
o Customer resource
management (CRM)
o Video conferencing
o IT service
management
o Accounting
o Web analytics
o Web content
management
- SaaS applications differ from
earlier distributed
computing solutions in that SaaS was developed specifically to use web tools, like
the browser. This makes them web-native. It was also built with a multitenant back
end in mind, which enables multiple customers to use an application.
- SaaS provides network-based access to commercially available software. Since the
software is managed at a central location, customers can access their applications
wherever they have web access.

SaaS cloud service providers:

o GoogleApps
o Oracle On Demand
o SalesForce.com
o SQL Azure

Benefits:
 Er. Rohit Handa
Lecturer, CSE-IT Department 3
IBM-ICE Program, BUEST Baddi
Cost: One of the biggest benefits of SaaS is, costing less money than buying the
application outright. The service provider can offer cheaper, more reliable
applications than organizations can by themselves.
No Software Licensing
Subscription based service
Familiarity with the World Wide Web Most workers have access to a computer and
know how to use it on the World Wide Web. As such, the learning curve for using
external applications can be much smaller.
Smaller staff IT systems require the overhead of salaries, benefits, insurance, and
building space. The ability to farm out applications reduces the need for as much IT
staff.
Customization Older applications were difficult to customize and required tinkering
with the code. SaaS applications are much easier to customize and can give an
organization exactly what they want.
Better marketing A provider who had developed an application for a very narrow
market might have had problems marketing that application. However, with SaaS,
the entire world is open to the providers.
Web reliability We talked earlier about how the World Wide Web can be seen as a
source of failure. And while that is sporadically true, the fact of the matter is that
the Web is generally quite reliable.
Security Secure Sockets Layer (SSL) is widely used and trusted. This allows
customers to reach their applications securely without having to employ complex
back-end configurations, like virtual private networks (VPNs).
More bandwidth Bandwidth has increased greatly in recent months and quality of
service improvements are helping data flow. This will allow organizations to trust
that they can access their applications with low latencies and good speeds.

Benefits to Vendor
- For vendors, SaaS has the appeal of providing stronger protection of their
intellectual property.
- Vendors can fend off piracy concerns and unlicensed use of software.
- Vendors get a constant stream of income.
- Benefit as more subscribers online.

Traditional packaged software SaaS

Designed for customers to install, manage Designed from the outset for delivery as
and maintain. Internet-based services
Architect solutions to be run by an Designed to run thousands of different
individual company in a dedicated customers on a single code
instantiation of the software
Infrequent, major upgrades every 18-24 Frequent, "digestible" upgrades every 3-6
months, sold individually to each installed months to minimize customer disruption
base customer. and enhance satisfaction.
Individual User handles his troubleshooting Fixing a problem for one customer fixes it
for everyone
Upgrade fee No fee for upgradation
Version Control for the user Latest Version provided by service provider

Obstacles
 Er. Rohit Handa
Lecturer, CSE-IT Department 4
IBM-ICE Program, BUEST Baddi
Like anything, SaaS faces obstacles to its implementation and use. The first is that
an organization that has a very specific computational need might not be able to find
the application available through SaaS. In that case, they may discover that they
need to buy the software and install it on their local machines. That said, companies
with unique needs may be able to find some of the components in a SaaS.
There is also an element of lock-in with vendors. That is, the customer might pay
a provider to use an application, but once they do, they may be unable to port that
application to a new vendor. Or, it might be possible to move to a new vendor, but
the old vendor might charge a hefty moving fee.
SaaS also faces challenges from the availability of opensource applications and
cheaper hardware. If companies are so inclined, they can put their open source
applications on hardware that performs better and costs less than it used to.

Applicability of SaaS
1. Enterprise Software Application
- Perform business functions
- Organize internal and external information
- Share data among internal and external users
- The most standard type of software applicable to Saas model
- Example: Saleforce.com, CRM application, Siebel On-demand application

2. Single-User software application

- Organize personal information
- Run on users own local computer
- Serve only one user at a time
- Inapplicable to Saas model
o Data security issue
o Network performance issue

3. Embedded Software
- Software component for embedded system
- Support the functionality of the hardware device
- Inapplicable to Saas model
o Embedded software and hardware is combined together and is inseparable
- Example: software embedded in ATM machines, cell phones, routers, medical
equipment, etc

Platform as a Service/Cloudware
- PaaS provides virtual machines, operating systems, applications, services,
development frameworks, transactions, and control structures.
- The client can deploy its
applications on the cloud
infrastructure or use
applications that were
programmed using languages
and tools that are supported
by the PaaS service provider.
- The service provider manages
the cloud infrastructure, the
operating systems, and the
 Er. Rohit Handa
Lecturer, CSE-IT Department 5
IBM-ICE Program, BUEST Baddi
enabling software. The client is responsible for installing and managing the
application that it is deploying.
- PaaS supplies all the resources required to build applications and services
completely from the Internet, without having to download or install software.
- PaaS services include application design, development, testing, deployment, and
hosting.
- Other services include team collaboration, web service integration, database
integration, security, scalability, storage, state management, and versioning.
- PaaS generally offers some support to help the creation of user interfaces, and is
normally based on HTML or JavaScript. Because PaaS is expected to be used by
many users simultaneously, it is designed with that sort of use in mind, and
generally provides automatic facilities for concurrency management, scalability,
failover, and security.
- PaaS also supports web development interfaces such as Simple Object Access
Protocol (SOAP) and Representational State Transfer (REST), which allow the
construction of multiple web services, sometimes called mashups. The interfaces are
also able to access databases and reuse services that are within a private network.

PaaS services providers:

o Force.com
o GoGrid CloudCenter
o Google AppEngine
o Windows Azure Platform

PaaS Options
- PaaS is found in one of three different types of systems:
o Add-on development facilities: These allow existing SaaS applications to be
customized. Often, PaaS developers and users are required to purchase
subscriptions to the add-on SaaS application.
o Stand-alone environments: These environments do not include licensing,
technical, or financial dependencies on specific SaaS applications and are
used for general developments.
o Application delivery-only environments: These environments support
hosting level services, like security and on-demand scalability. They do not
include development, debugging, and test capabilities.

Some other factors influencing adoption include

- The ability of geographically isolated development teams to work together
- The ability to merge web services from multiple sources
- The ability to realize cost savings from using built-in infrastructure services for
security, scalability, and failover, rather than having to obtain and test them
separately
- The ability to realize cost savings from using higher-level programming abstractions

Limitations
- A downfall to PaaS is a lack of interoperability and portability among providers.
That is, if you create an application with one cloud provider and decide to move to
another provider, you may not be able to do soor youll have to pay a high price.
- Also, if the provider goes out of business, your applications and your data will be
lost.
 Er. Rohit Handa
Lecturer, CSE-IT Department 6
IBM-ICE Program, BUEST Baddi
- Because vendors use proprietary services or development languages, some
developers are afraid of being locked into a single provider. The vendor may allow

the application to be brought to a different provider; however, the costs are typically
higher as compared to moving applications between conventional hosts. An
application written in Python against Googles API using the Google App engine is
likely to work only in that environment.

Hardware as a Service
- IaaS provides virtual machines, virtual storage, virtual infrastructure, and other
hardware assets as resources that clients can provision.
- The IaaS service provider manages the entire infrastructure, while the client is
responsible for all other aspects of the deployment. This can include the operating
system, applications, and user interactions with the system.
- It simply offers the hardware so that your organization can put whatever they want
onto it. Rather than purchase servers, software, racks, and having to pay for the
datacenter space for them, the service provider rents those resources.
- HaaS allows you to rent such resources as
o Server space
o Network equipment
o Memory
o CPU cycles
o Storage space
- Additionally, the infrastructure can be dynamically scaled up or down, based on the
application resource needs.
- Further, multiple tenants can be on the equipment at the same time.
- Resources are typically billed based on a utility computing basis, so providers charge
by how many resources are consumed.
- Providers will also manage virtualization technology enabling customers to run VMs
(virtual machines). Virtualization enables IaaSproviders to offer almost unlimited
instances of servers to customers and make cost-effective use of the hosting
hardware.
 Er. Rohit Handa
Lecturer, CSE-IT Department 7
IBM-ICE Program, BUEST Baddi
- When it comes to the Operating System (OS), it is often arguable whether its
managed by the provider or customer.

Benefits
- Dynamic scaling
- Usage based pricing
- Reduced costs
- Access to superior IT resources
- Beneficial for small scale organizations

IaaS Providers
- Amazon
- Rackspace
- Gogrid
- GoDaddy
- Joyent
- Microsoft SqlServices

HaaS involves several pieces:

- Service level agreements This is an agreement between the provider and client,
guaranteeing a certain level of performance from the system.
- Computer hardware These are the components whose resources will be rented out.
Service providers often have this set up as a grid for easier scalability.
- Network This includes hardware for firewalls, routers, load balancing, and so on.
- Internet connectivity This allows clients to access the hardware from their own
organizations.
- Platform virtualization environment This allows the clients to run the virtual
machines they want.
- Utility computing billing Typically set up to bill customers based on how many
system resources they use.

The three different service models taken together have come to be known as the SPI model
of cloud computing. Many other service models have been mentioned: StaaS, Storage as a
Service; IdaaS, Identity as a Service; CmaaS, Compliance as a Service; and so forth.
However, the SPI services encompass all the other possibilities.

- It is useful to think of cloud computing's service models in terms of a

hardware/software stack.
- At the bottom of the stack is the hardware or infrastructure that comprises the
network.
- As you move upward in the stack, each service model inherits the capabilities of the
service model beneath it.
- IaaS has the least levels of integrated functionality and the lowest levels of
integration, and SaaS has the most.
- All these vendors offer direct access to hardware resources.
- On Amazon EC2, considered the classic IaaS example, a client would provision a
computer in the form of a virtual machine image, provision storage, and then go on
to install the operating system and applications onto that virtual system.
 Er. Rohit Handa
Lecturer, CSE-IT Department 8
IBM-ICE Program, BUEST Baddi
- Amazon has a number of operating systems and some enterprise applications that
they offer on a rental basis to customers in the form of a number of canned images,
but customers are free to install whatever software they want to run.
- Amazon's responsibilities as expressed in its Service Level Agreement, which is
published on Amazon's Web site, contractually obligates Amazon to provide a level of
performance commensurate with the type of resource chosen, as well as a certain
level of reliability as measured by the system's uptime.

- A PaaS service adds integration features, middleware, and other orchestration and
choreography services to the IaaS model.
- When a cloud computing vendor offers software running in the cloud with use of the
application on a pay-as-you-go model, it is referred to as SaaS.
- With SaaS, the customer uses the application as needed and is not responsible for
the installation of the application, its maintenance, or its upkeep.
- A good example of an SaaS offering is an online accounting package, with the online
versions of Quicken and Quickbooks a prime example.
- A client using an SaaS service mightas is the case for Quickbooks onlinelog into
the service from his browser, create an account, and enter data into the system.
Intuit.com has a service agreement that not only covers the performance of the
hardware and software, but extends to protecting the data that they store for clients,
and other fundamental characteristics.

These service model classifications start to get confusing rather quickly when you have a
cloud service provider that starts out offering services in one area and then develops
services that are classified as another type.
 Er. Rohit Handa
Lecturer, CSE-IT Department 9
IBM-ICE Program, BUEST Baddi
For example, SalesForce.com started out as a Customer Relationship Management SaaS
platform that allowed clients to add their own applications. Over time SalesForce.com
opened an API called the Force API that allowed developers to create applications based on
the SalesForce.com technologies. Force.com is thus their PaaS service.
As another example, take the PaaS offering that is the Windows Azure Platform. Windows
Azure Platform allows .NET developers to stage their applications on top of Microsoft's
infrastructure so that any application built with the .NET Framework can live locally, in
Microsoft's cloud network, or some combination thereof. As Microsoft adds enterprise
applications to its cloud service portfolio, as it has in the case of SQL Azure (and many
other enterprise applications to come), these offerings fall under the rubric of being an
SaaS service model.

Deployment models

- A deployment model defines the purpose of the cloud and the nature of how the
cloud is located.
- An agency can deploy cloud computing in several different ways depending upon
many factors, such as:
Where the cloud services are hosted
Security requirements
Desire to share cloud services
The ability to manage some or all of the services
Customization capabilities
- There are four common deployment models (as per NIST) for cloud
services loosely determined by who has access to the cloud
services: Public Cloud, Private Cloud, Community Cloud,
and Hybrid Cloud.

Public cloud
- The public cloud infrastructure is available for public use
alternatively for a large industry group and is owned by an
organization selling cloud services.
- The public cloud deployment model represents true cloud hosting.
 Er. Rohit Handa
Lecturer, CSE-IT Department 10
IBM-ICE Program, BUEST Baddi
- This model is best suited for business requirements wherein it is required to
o Manage load spikes,
o Host SaaS applications,
o Utilize provisional infrastructure for developing and testing applications,
o Manage applications which are consumed by many users that would otherwise
require large investment in infrastructure from businesses.
- This model helps to reduce capital expenditure and bring down operational IT costs.

Benefits:
- Cost-effective
- Advantageous to organizations that wish to get their information out to the public
quickly and easily. Readily-available tools make it easier to develop, launch, and
promote new services.
- Increased utility: Since they are easily accessible, public clouds have a wide range of
uses and can be utilized for numerous activities.

Cons
- Security
- Limited customization
Private cloud
- The private cloud infrastructure is operated for the
exclusive use of an organization.
- he cloud may be managed by that organization or a third
party.
- Private clouds may be either on- or off-premises.
- Not much cost efficient.
- Tremendous value from a security point of view.
- Security concerns are addressed through secure-access
VPN or by the physical location within the clients firewall
system.
- For mission-critical applications we need to consider
downtime in terms of internet availability, quality and performance. Hence, hosting
the application with an on-premises private cloud is the suggested approach.
- In addition to security reasons, this model is adopted by organizations in cases
where data or applications are required to conform to various regulatory standards.
For example, for the healthcare and pharmaceutical industries, moving data to the
cloud may violate the norms. Different countries have different laws and regulations
for managing and handling data, which can obstruct the business if cloud is under
different jurisdiction.
- Several SaaS applications, such as SugarCRM, provide options to their clients to
maintain their data on their own premises to ensure data privacy is maintained
according to the requirements of the particular business.
- Amazon also provides the option of a virtual private cloud.

Pros
- Security
- Control and flexibility
- Agile
 Er. Rohit Handa
Lecturer, CSE-IT Department 11
IBM-ICE Program, BUEST Baddi

Cons
- Costly
- Time and Resources

Hybrid cloud
- A hybrid cloud combines multiple clouds (private, community of public) where those
clouds retain their unique identities, but are bound together as a unit.
- A hybrid cloud may offer standardized or proprietary access to data and
applications, as well as application portability.
- This deployment model helps businesses
to take advantage of secured applications
and data hosting on a private cloud,
while still enjoying scalability and cost
benefits by keeping shared data and
applications on the public cloud.
- For migrating workloads between public
and private hosting without any
inconvenience to the users.
- For example, an organization might use a
public cloud service, Amazon S3 for
archived data but continue to maintain
in-house storage for operational
customer data.

Community cloud
- A community cloud is one where the cloud has been organized to serve a common
function or purpose.
- It may be for one organization or for several organizations, but they share common
concerns such as their mission,
policies, security, regulatory
compliance needs, and so on.
- A community cloud may be
managed by the constituent
organization(s) or by a third party.
- Cloud infrastructure is shared by
several organizations with the
same policy and compliance
considerations.
- This helps to further reduce costs
as compared to a private cloud, as
it is shared by larger group.
- Various state-level government
departments requiring access to
the same data relating to the local
population or information related to infrastructure, such as hospitals, roads,
electrical stations, etc., can utilize a community cloud to manage applications and
data.
 Er. Rohit Handa
Lecturer, CSE-IT Department 12
IBM-ICE Program, BUEST Baddi

Cloud Deployment Decision Factors

- To understand the deployment models better, we must first understand the following
factors that a business takes into consideration before deploying a particular type of
Cloud.

- Business IT Control: Decision on the deployment may be taken based on the level
of control a business would want to have on their IT infrastructure. A business
typically may want complete control over their IT infrastructure; hire system
administrators, have control over the power and cooling, backups, and the entire
management of the physical infrastructure. Business criticality, security and
sensitive data are some of the factors that may influence this decision.
- Business Critical Applications: The customer has specific needs with regards to
implementation of specific setups, for example: Implementation of custom high-
availability features and Disaster Recovery features only available in house. These
features though available and provided by external providers may not be delivered
with the right level of SLA (service level agreement) required by the business. The
business may be running business critical services that make assumptions on the
operating systems or the underlying hardware. Or, the customer might be running a
legacy setup that is not directly amenable to Cloud.
- Data and Transaction Security: Data and Transaction security are the primary
concerns when a customer plans to put their workload on Cloud. Putting sensitive
data and routing transactions over public servers and network may place the data at
risk. Even if correct security measures are in place to encrypt the data and
transactions, theres always a need to put stringent security measures to ensure
that there is no compromise at any point in the workflow.
- Compliance and Audit: Certain laws pertaining to IT expect data to be placed in
more controlled and private settings. If a customer expects to get compliant with
these laws, they must adhere to their directives and constraints with regards to the
data. For example, a company that deals with credit card transactions must store
this data on highly secured servers. These servers and the remaining infrastructure
must adhere to the PCI compliance laws. A regular audit of the infrastructure
ensures these laws are followed. A more public setting for cloud will not be PCI
compliant.
- Balance of Capex and Opex: When deciding on an appropriate IT infrastructure,
the customer budget plays a major role. Based on the available financial resources,
a customer may go for an outright purchase (Capital Expenditure - CapEX) of
hardware and software to build an in-house cloud solution. If financially
constrained, the customer can choose a pure operational expense (OpEX) model for
moving to Cloud. In the latter case, a publicly available cloud solution may provide
the service on a subscription basis. The customer saves on the initial cost of
purchasing hardware/software.
- Workload characteristics: Production workloads are more critical in nature
requiring guaranteed response and turnaround times. Non-production workloads
are less demanding from a resource and response perspective. The customer may
choose to place a non-production or pre-production workload on a more public
setting whereas the production loads go on in-house solution built for Cloud.
- Workload Lifespan Preferences: It makes more sense to place short-term
workloads on public clouds. This way, the initial investment on hardware can be
 Er. Rohit Handa
Lecturer, CSE-IT Department 13
IBM-ICE Program, BUEST Baddi
avoided. On the other hand, a customer may prefer a private cloud solution built in-
house to host long-term workloads.
- Industry Segment - SME and Large Enterprises: A small/medium enterprise or a
startup with constrained financial resources and time can setup their IT
infrastructure at minimum cost, by going in for a publically available cloud solution.
However a large enterprise with surplus resources can plan to setup their own
datacenter to host a private cloud in-house.
- Data Freedom: A majority of public cloud solution providers may not allow
migration of hosted virtual machine instances to be downloaded as VM image or
migrated to another cloud service provider. This places constraints and locks a
customer with just one provider. The customer, in this case may want to avoid these
cloud service providers and go for a private cloud solution which provides more
freedom in how the meta-data in cloud gets used and stored.
- Software characteristics: Certain software characteristics may restrict certain
applications to run on a particular cloud model. Heavy dependency on legacy
operating systems or assumptions on the underlying hardware constraints an
application to private cloud settings. A public cloud is generally built using off-the-
self operating systems and virtual solutions.
- Time to deploy: A public cloud can be easily deployed in a matter of seconds or
hours. However, setting a private cloud requires time to purchase the hardware and
software to set up the cloud. If time is the only factor, then public cloud are the
easiest to deploy. All the factors discussed above, influence business and technical
decisions on how a cloud will be implemented.