You are on page 1of 55

Cloud Computing Explained

A White Paper by:
The Cloud Computing Explained project of The Open Group Cloud
Computing Work Group, led by:
Shuvanker Ghosh, The Open Group Master Certified Architect, IBM
Gill Hughes, The Open Group Certified IT Specialist,
TOGAF 9 Certified, Capgemini

May, 2011

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 2

Copyright © 2011 The Open Group
All rights reserved. No part of this publication may be reproduced, stored in a
retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording, or otherwise, without the prior
permission of the copyright owners.


Boundaryless Information Flow™ is a trademark and ArchiMate
®
, Jericho
Forum
®
, Making Standards Work
®
, Motif
®
, OSF/1
®
, The Open Group
®
,
TOGAF
®
, UNIX
®
, and the ``X'' device are registered trademarks of The
Open Group in the United States and other countries.
All other brand, company, and product names are used for identification
purposes only and may be trademarks that are the sole property of their
respective owners.

Cloud Computing Explained
Document No.: W115

Published by The Open Group, May, 2011.

Any comments relating to the material contained in this document may be
submitted to:
The Open Group
44 Montgomery St. #960
San Francisco, CA 94104
or by email to:
ogpubs@opengroup.org

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 3


Table of Contents
Executive Summary 4
Introduction 5
Cloud Computing Definition 7
Cloud Computing Definition Explained 10
Service Models Explained 26
Deployment Models Explained 29
Other Characteristics and Attributes 33
Common Misconceptions Regarding Cloud Computing 36
Cloud Computing Benefits 47
Cloud Computing Issues 49
Standards and Interoperability 52
References 54
Acknowledgements 54
About the Author 55
About The Open Group 55


Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 4




Boundaryless Information Flow
achieved through global interoperability
in a secure, reliable, and timely manner
Executive Summary
The term “Cloud Computing” has been a prominent phrase in the technology-related
marketplace for some time. Private and public sector enterprises have begun to
consider the basic promise of Cloud Computing to enable the consolidation of IT
resources and to better manage IT expenses. IT vendors are also in full swing
marketing their vision on Cloud Computing and rolling out products and services in
this space.
So, what is Cloud Computing? Is it just hype? Is it a new technology? Is it a new IT
architecture? Is it a methodology? Is it a computing paradigm? How is it different
from past and current computing paradigms? What are the benefits of Cloud
Computing? This White Paper attempts to answer these questions at a high level so
that someone new to Cloud Computing (whether from a business or technical
background) will gain a basic understanding of the topic. The paper has been
developed by the Cloud Computing Explained special project team with contributions
from the wider Cloud Work Group members of The Open Group.
The material covered in this document supports The Open Group vision of
Boundaryless Information Flow.



Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 5
Introduction
Wherever you look on the web, or in marketing and advertising materials provided by suppliers to IT
organizations, as well as many current IT-focused journals and consulting organizations, there are
references to “Cloud Computing”, “the cloud”, or services in or from “the cloud”. Everything is “…as
a service”. With many contrasting definitions available, one could be forgiven for being confused.
This document seeks to provide a readily understandable explanation of what Cloud Computing really
is and more – what does this mean for stakeholders in a typical enterprise?
From your own personal experience you may think you know how good Cloud Computing is; perhaps
you use Google Mail or Salesforce.com, or you have a phone and download and run applications from
an application store for very little cost and as easy as a couple of clicks. Perhaps you back your PC
files up to a backup service somewhere in “the cloud”. So, what is it really? And if it is so good, why
isn’t everyone rushing to move all their enterprise IT services into the cloud?
There have been a number of definitions of Cloud Computing, varying from a single sentence to a
page telling you it’s like a utility; it’s infinite; it’s easy to access, that it’s cheaper and elastic so it can
grow and contract as your business does.
This paper is one of a series of papers being created by The Open Group to examine Cloud Computing
from different perspectives. In this paper, we take one of the most often quoted definitions of Cloud
Computing – the NIST Definition of Cloud Computing [1] – and look at the characteristics, services,
and deployment models described therein.
To do this, we have looked at the impact on three principal roles: the Provider, the Consumer, and the
Developer. Of course there are other roles, but these three begin to illustrate some of the key impacts
of using Cloud Computing.
Why does The Open Group have a strong interest in Cloud Computing? It is clear that Cloud
Computing, properly applied, can be a significant factor in the achievement of “Boundaryless
Information Flow” – the documented mission of The Open Group. Cloud Computing therefore goes to
the heart of our core purpose. With our work in Enterprise Architecture (TOGAF), Service Oriented
Architecture (SOA), our involvement with the Jericho Forum, and our vendor-neutral position, we are
ideally positioned to not only look at what Cloud Computing really offers, but to express this in terms
of architecture, security, services, etc. in a way that helps you to understand how applications,
infrastructure, and indeed businesses need to be architected and operated to take full advantage of a
Cloud Computing environment.
One of the principles of our work in The Open Group Cloud Work Group [7] has been to collaborate
and re-use, where possible, existing material/prior art concerning Cloud Computing. For this reason,
we have not “reinvented the wheel” and have used the NIST Definition of Cloud Computing [1] as the
basis of our work.
Purpose
This paper is intended to provide an introductory overview of Cloud Computing.
The paper will look one of the most popular definitions of Cloud Computing and will seek to explain,
through the use of practical examples, what this really means.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 6
The paper also outlines some of the benefits and issues surrounding Cloud Computing adoption.
Scope
This paper will cover the following, at an overview level:
• Cloud Computing Definition
• Cloud Computing Benefits
• Cloud Computing Issues
• Cloud Computing Misconceptions
• Standards and Interoperability
Intended Audience
This paper is intended for both business executives and IT specialists who are either new or relatively
new to Cloud Computing. It is suitable for anyone who has an interest in Cloud Computing and
wishes to gain a basic understanding of what Cloud Computing is, what some of the commonly used
Cloud Computing terms mean, and how Cloud Computing will affect both business and IT within the
enterprise and the benefits and issues surrounding its adoption.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 7
Cloud Computing Definition
Concept
Cloud Computing represents the next evolution in computing where shared resources are made
available and accessed as a service over Internet, intranet, and/or dedicated network. The essential
concept of Cloud Computing is comparatively simple: resources are available and accessed when
needed. The consumer pays for their actual usage in much the same way as most people pay for
household utilities. As with utilities (e.g., water, gas, electricity), shared resources in Cloud
Computing can potentially be used by others when not used by a particular consumer.
Put like this, it all sounds very simple and attractive. It is probably this concept which is largely
responsible for the popularity of all things “Cloud Computing” in the IT marketplace today. For
enterprises who have invested in establishing what are often complex and expensive IT systems to
support their business processes, who wouldn't be attracted by the idea of just being able to pay on
demand for someone else to provide that service without worrying about the details of how it is being
done? Better still; several suppliers will potentially do so, giving a competitive choice. Taken to the
extreme, perhaps you no longer need to have an internal IT Department with all the difficulties and
expense of hiring and retaining a skilled IT workforce, nor would you need to own and maintain a data
center full of IT hardware and software. But in today’s complex world, significant further analysis is
required to understand the benefits and, especially, the risks that Cloud Computing can entail. This
paper will make these clear.
Defining Cloud Computing
The NIST Definition of Cloud Computing [1] in the US has gained significant traction within the IT
industry.
The version of the definition of Cloud Computing from NIST at the time of the writing of this paper is
the 15
th
. This is an indication of the immaturity of (but also very high interest in) this subject. Our
understanding of what Cloud Computing really means and what its essential characteristics are is still
being developed as the Cloud Computing marketplace matures.
NIST defines Cloud Computing as follows:
“Cloud Computing is a model for enabling convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage, applications, and services) that
can be rapidly provisioned and released with minimal management effort or service provider
interaction. This cloud model promotes availability and is composed of five essential characteristics,
three service models, and four deployment models.”
These characteristics, service models, and deployment models as defined by NIST are detailed below.
Essential Characteristics
• On-demand self-service: A consumer can unilaterally provision computing capabilities, such
as server time and network storage, as needed automatically without requiring human
interaction with each service’s provider.
• Broad network access: Capabilities are available over the network and accessed through

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 8
standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g.,
mobile phones, laptops, and PDAs).
• Resource pooling: The provider’s computing resources are pooled to serve multiple
consumers using a multi-tenant model, with different physical and virtual resources
dynamically assigned and re-assigned according to consumer demand. There is a sense of
location-independence in that the customer generally has no control or knowledge over the
exact location of the provided resources but may be able to specify location at a higher level
of abstraction (e.g., country, state, or data center). Examples of resources include storage,
processing, memory, network bandwidth, and virtual machines.
• Rapid elasticity: Capabilities can be rapidly and elastically provisioned, in some cases
automatically, to quickly scale out and be rapidly released to quickly scale in. To the
consumer, the capabilities available for provisioning often appear to be unlimited and can be
purchased in any quantity at any time.
• Measured service: Cloud systems automatically control and optimize resource use by
leveraging a metering capability at some level of abstraction appropriate to the type of service
(e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be
monitored, controlled, and reported providing transparency for both the provider and
consumer of the utilized service.
Service Models
• Cloud Software as a Service (SaaS): The capability provided to the consumer is to use the
provider’s applications running on a cloud infrastructure. The applications are accessible from
various client devices through a thin client interface such as a web browser (e.g., web-based
email). The consumer does not manage or control the underlying cloud infrastructure
including network, servers, operating systems, storage, or even individual application
capabilities, with the possible exception of limited user-specific application configuration
settings.
• Cloud Platform as a Service (PaaS): The capability provided to the consumer is to deploy
onto the cloud infrastructure consumer-created or acquired applications created using
programming languages and tools supported by the provider. The consumer does not manage
or control the underlying cloud infrastructure including network, servers, operating systems,
or storage, but has control over the deployed applications and possibly application hosting
environment configurations.
• Cloud Infrastructure as a Service (IaaS): The capability provided to the consumer is to
provision processing, storage, networks, and other fundamental computing resources where
the consumer is able to deploy and run arbitrary software, which can include operating
systems and applications. The consumer does not manage or control the underlying cloud
infrastructure but has control over operating systems, storage, deployed applications, and
possibly limited control of select networking components (e.g., host firewalls).
Deployment Models
• Private cloud: The cloud infrastructure is operated solely for an organization. It may be
managed by the organization or a third party and may exist on-premise or off-premise.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 9
• Community cloud: The cloud infrastructure is shared by several organizations and supports a
specific community that has shared concerns (e.g., mission, security requirements, policy, and
compliance considerations). It may be managed by the organizations or a third party and may
exist on-premise or off-premise.
• Public cloud: The cloud infrastructure is made available to the general public or a large
industry group and is owned by an organization selling cloud services.
• Hybrid cloud: The cloud infrastructure is a composition of two or more clouds (private,
community, or public) that remain unique entities but are bound together by standardized or
proprietary technology that enables data and application portability (e.g., cloud bursting for
load-balancing between clouds).

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 10
Cloud Computing Definition Explained
Although not overly exhaustive in length, the above definition provides us sufficient detail to establish
specific criteria (e.g., based upon the essential characteristics) which we can use to look at Cloud
Computing implementations to say either “yes” they are Cloud Computing or “no” they are not.
For those who have worked within the IT industry for any length of time, the “cloud” is a familiar
sight. Anyone who has ever seen a network diagram has likely seen the complexities of network
interconnectivity masked by the cloud symbol as depicted in Figure 1.

Figure 1: Simple Network Diagram
For those whose particular expertise is not networking this has proven to be a welcome relief; an
excuse to not have to understand the details of the connectivity and interoperability implied by the
symbol. In reality the cloud might contain a significant number of network components (e.g.,
switches, routers, cabling, middleware, etc.).
While the cloud network symbol has often been used to illustrate corporate networks, particularly
where these are distributed geographically (and potentially therefore across the Internet), for many it
has now become synonymous with the Internet itself.
The following simple illustration of Cloud Computing is a fairly typical depiction of the way that
Cloud Computing masks complexity. In Figure 2 we can see services provided “in the Cloud” and
consumers: either organizations or individuals, who are consuming one or more services.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 11

Figure 2: Cloud Services
Although not necessarily immediately obvious in this simple diagram, cloud services may use other
cloud services, though as consumers we might be completely unaware of this. As consumers, we
probably won’t care about the underlying complexity – we just care that the result we expect is
delivered.
If we now compare this simple diagram with the NIST Definition of Cloud Computing [1], does it
illustrate what the cloud is? If we review the basic definition:
“Cloud Computing is a model for enabling convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage, applications, and services) that
can be rapidly provisioned and released with minimal management effort or service provider
interaction. This cloud model promotes availability and is composed of five essential characteristics,
three service models, and four deployment models.”
We see network access from offices or end-users (perhaps customers or remote workers of a business
organization or maybe individual users of Cloud Computing services); we see the shared use of
services: shared between these organizations and/or individuals. Nothing in our diagram clearly shows
the ability to rapidly provision services, though it may be implied perhaps by the simplistic portrayal
of the “service” at the end of an “Internet connection”.
So what else does the NIST definition tell us about our cloud?
We are given a number of essential characteristics for the cloud:

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 12

Figure 3: NIST Essential Cloud Computing Characteristics
On-Demand Self-Service
For us to achieve “on-demand self-service” there must be something provided at the point of
interaction between the consumer of a Cloud Computing service and the provider to enable the service
to be contracted for and instantiated with minimal effort and interaction between these two parties.
Typical examples of this are a web site providing the essential functions to enable:
• Sign-up
• Billing and Payment Services
• Security and Identity Management Services
• Access to the Cloud Computing Services – to create, run, delete, amend, and stop services as
required
Beyond the essential services, to allow a Cloud Computing resource to be purchased and run,
additional services may be present to provide other functions common within the IT operation (e.g.,
monitoring, reporting, SLA management, error reporting, and bug fixing).
Although this web site and interaction is required to establish a relationship and the contractual aspect
of Cloud Computing, this interaction will not apply to the later consumption of services based upon
the Cloud Computing resource purchased. For example, if I were to buy a virtual server from a Cloud
Computing infrastructure provider and run a web server upon that virtual server, anyone directed to
my web site wouldn’t necessarily have any idea that it was provided through use of a Cloud
Computing infrastructure and they themselves would not interact directly with the Cloud Computing
provider. The same is true today in respect of traditional IT services. Many IT services have already
been outsourced to third-party IT service providers by organizations for whom IT is not a core
business. Users of web sites on the Internet often have no idea where these services are located and by
whom they are hosted.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 13

Figure 4: Buyers, Providers, and Consumers
Note: that although “Establish Service” appears to be happening external to our cloud or Internet, this
is only illustrative of the fact that this interaction is taking place and, as stated above, for most cases
this will be through the use of a web site which almost wholly automates all the necessary supply of
credentials and payment details, etc.
Broad Network Access
For us to demonstrate broad network access then our Cloud Services must be readily accessible over a
network to a variety of devices through standardized means (e.g., a browser). This characteristic
introduces an important consideration for all cloud implementations – the use of standards. Without
adherence to standards throughout the technology stack (e.g., from the network level up to the client
access and presentation level), accessibility from such a variety of devices and applications would
inevitably be reduced and this characteristic become unachievable.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 14

Figure 5: Broad Network Access
Thus, we have an implied principle here for Cloud Computing: the use of standards will be
fundamental.
Resource Pooling
We can see “resource pooling” insofar as we can see multiple individuals and/or organizations which
seem to be using the same service, though we don't know exactly how this is happening. We also have
no idea where these services are located, we see only a cloud. In reality we may have a vague idea of
location either because particular providers state where they operate in general (e.g., country or state)
and/or because we are able to specify a choice of location, even if only to the extent of continent, or
country. For the accessibility of the service, however, location is largely irrelevant as we have our
network – e.g., the Internet – to connect us. For other reasons, for example, data security, compliance
with regulations, and indeed performance in accessing data, location may become highly relevant.
Rapid Elasticity and Measured Service
In the next version of the diagram (Figure 6) we've added some “metering” to the services to provide
measurements of the consumption of each. This is so that we could be billed for what has been used.
We've shown one of the services flexing in and out as its usage grows and reduces, illustrating rapid
elasticity.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 15

Figure 6: Resource Pooling, Rapid Elasticity, and Measured Service
While it is easy to illustrate these essential characteristics within our diagrams, we need to understand
what each of them really means. What should we expect to see from someone providing Cloud
Computing services to us? The answers will be different depending upon your viewpoint; for example,
whether you are a provider, a consumer, or a developer. But if these particular characteristics are
essential, then understanding each in some detail is necessary if one is to determine whether a service
is really Cloud Computing.
In the following sections we provide just such a view, looking in turn at the roles of:
• Consumer
• Provider
• Developer
Before we discuss the essential characteristics of Cloud Computing let us first introduce the primary
roles in Cloud Computing. There are three primary roles in a Cloud Computing ecosystem:
Cloud Service Consumer – The cloud service consumer takes many forms, depending on the type of
offering. For example, the service consumer for an SaaS offering is consuming the application, while
the service consumer for an IaaS offering is consuming hosted virtual images. There are many
responsibilities for the cloud service consumer. There can be multiple sub-roles responsible for a
variety of tasks and steps within the Cloud Computing ecosystem:
• Business, financial, and contractual responsibility for consuming services – negotiating and
setting up the contract, approving contracts, etc. This specific sub-role is often referred to as a
buyer.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 16
• Administration and configuration for consuming services – cloud service providers offer
some configuration and provisioning capabilities which differ depending upon the cloud
service model offered.
• Actual usage of the consumed services.
Cloud Service Provider – The cloud service provider hosts cloud services for cloud service
consumers. The type of hosted service depends on the cloud service model. For example, IaaS
providers make available hosted virtual infrastructure resources, whereas SaaS providers offer
application or software components as services. There can be multiple sub-roles responsible for a
variety of tasks and steps within a Cloud Computing ecosystem:
• Business, financial, and contractual responsibility for offered services – negotiating and
setting up the contract, approving contracts, etc. This specific sub-role is often referred as a
seller.
• Provisioning and initial setup – enabling the consumers to start consuming the cloud services.
• Security and other qualities of service including non-functional requirements (e.g.,
availability, scalability, etc.) – ensuring, managing, and auditing the fulfillment of contract
requirements as agreed with the consumers.
• Technical and infrastructure management – managing the infrastructure required for
providing cloud services.
Cloud Service Developer – The cloud service developer develops the cloud services that will be
consumed by the end customer. The type of service depends on the type of cloud service model
offered; it could be virtual images, multi-tenant applications, etc. Cloud service developers may also
integrate cloud services offered by other developers or providers. Cloud service developers may
themselves be consumers of platform or infrastructure cloud services.
We will now examine the NIST characteristics of Cloud Computing from the perspective of the three
roles identified above.
On-Demand Self-Service
Consumer
For the consumer, this characteristic deems it essential to be able to use the service whenever they
want, without requiring significant assistance (e.g., through an online system from which one could
establish an account including the relevant security and billing credentials and from which one may
select and schedule the use of the Cloud Computing options on sale). This might include, using
infrastructure as an example, starting virtual machines, assigning them network addresses, and
creating databases and storage containers. It may be expected that use of significant resources might
require additional vetting between provider and consumer to establish credit worthiness and/or to
protect against excessive, unforeseen use which might jeopardize the provider’s overall service
availability.
Provider
For the provider, this requires that procurement, account management, service instantiation, metering,
billing, and payment services are established which provide consumers with a readily available means
(e.g., via a web site on the Internet) of contracting for services. These services will need to integrate

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 17
with operational systems which provide for the service to be created, started, modified, or stopped in
accordance with the consumer’s instructions. Without such integration the “on-demand” aspect of this
characteristic will be impossible. Depending upon the specific services being provided and consumed,
this might mean services last only for minutes or for weeks, months, or years. Providers will typically
incorporate limitations on purchases in line with their ability to either:
• Provision resources: purchases above a certain amount of application or infrastructure
resource are subject to minimum notice, pre-reservations, or additional financial vetting
• Establish credit worthiness of the consumer: purchases above a certain monetary limit
Although the concept of Cloud Computing and the overall definition suggest the illusion of infinite
resource, clearly in reality this does not exist and most certainly does not exist for all customers at the
same point in time. Providers will have established limitations beyond which they cannot operate
normally (e.g., until they obtain additional resources, perhaps purchasing and installing server
capacity). It is simply uneconomical to commission and retain infinite IT resources. How well
providers are able to forecast demand and how efficient they are at provisioning their services will be
fundamental to their ability to meet consumer expectations and service levels – and their continuing
financial viability and success. Various means may be used to help preserve service (e.g., offering
reduced prices for advance purchases or for consumers who are willing to endure service interruptions
or reduced performance in the event of resource constraint (refer to:
http://aws.amazon.com/ec2/purchasing-options/, accessed March 2011).
Developer
For the developer, the concept of on-demand self-service may have a number of different impacts. The
exploitation of this characteristic will require forethought. If services are to be able to respond to
demand, then the demand has to be monitored and the required resources scheduled to satisfy it.
Developers should be looking to manage volatility, to schedule resources in response to demand to
maintain service levels, but to avoid over capacity.
For developers working in a traditional IT environment they are often able to dictate product choices,
including versions and configuration parameters. When developing in a Cloud Computing
environment, many of these choices may be restricted by the provider. Worse still, changes to the
environment – for example, a product version upgrade – are likely to take place very much at the
provider’s discretion, irrespective of the lifecycle stage of the developer. What effect might it have
upon your development project if someone suddenly upgrades the version of the platform upon which
you are developing? How much rework or retesting might be required? In comparison to the developer
working with an in-house provided computing environment, how will fault reporting, bug progression,
and change control processes work? If you are a developer working upon a purchased IaaS service to
construct an application then you may have significant control still over product and platform choices,
whereas in the case of development on a specific PaaS or SaaS these will probably be significantly
reduced.
Broad Network Access
Consumer
For the consumer, the ability to connect to and use a service from a device of your choice, a location
of your choice, using a network connection of your choice may be a significant factor in determining
whether you select Service A from Provider A in preference to Service B from Provider B. The

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 18
greater the limitations placed upon service access and consumption by a provider (e.g., use of a
particular web browser or web brower version), the more difficult use of a given service by a
consumer may become. Users of multiple services provided by different providers may find
themselves the victim of conflicting demands (e.g., Service A requires a minimum version of X of a
browser and Service B requires a different version). Although managing the complexity of client
access software and back-end application versions is nothing new to those used to the traditional IT
environment, the extension of dependencies to services provisioned from a Cloud Computing source
raises additional difficulties. Policies are often well established within enterprises to manage and
maintain software versions across the enterprise, thus the resident mix can be predicted and controlled.
Upgrades and changes can be planned and tested and implemented when required (e.g., avoiding key
business processing events).
Extending the IT boundary of an organization to encompass services purchased from Cloud
Computing providers requires a different perspective for configuration management, governance, and
regulatory compliance. All those aspects which were wholly or almost wholly within the control of an
organization may now be dependent upon third parties. Services may be added, changes made, or
services removed with little or no notice and certainly without regard to individual enterprises and
their business calendars. Researching one’s choice of Cloud Computing provider and establishing
their policies for providing notifications of changes and how they engage with the organizations
buying their services will be useful in mitigating the risks of using Cloud Computing. Undoubtedly
the relationships and management of the entire organization’s IT landscape will be different as Cloud
Computing gains a stronger foothold.
Provider
Providers generally want the maximum market access. The greater the accessibility of their services
(usable by anyone located anywhere on the globe using a variety of devices), the greater is the
potential for sales. Broad network access will not be the only characteristic required to enable this, but
it provides the foundation at the hardware and software level. Services may still need to be tailored
(e.g., in language or according to legal restrictions or indeed according to local custom and practice),
to enable consumers from different countries to successfully engage. For example, providing a web
site from which your services can be purchased only in English will restrict the potential to sell your
services in many countries. If payments can only be taken in certain currencies or from certain
financial institutions then again the potential marketplace will contract.
Developer
For the developer, there are consequences to using Cloud Computing services both at the time of
development and also for the design and implementation of the eventual developed solution when it
runs upon a Cloud Computing platform. We have already alluded to the difficulties of establishing
control of the underlying environment: the choice of tools, software products and versions; the
consequences of developing at a distance may also have unforeseen impacts upon the ability to load
and extract test data; and indeed on how to migrate live data from existing systems.
Developing for consistent performance will require different architectural approaches from those
typically employed for in-house IT environments where fixed resources are often provisioned in
respect to individual applications and services. Cost-effective use of Cloud Computing services
requires that over-provisioning of resources is avoided and conversely under-provisioning brings with
it the risk that services will fail and customers and revenue be lost. Developed solutions may need to
interact with provider’s scheduling and resource provisioning services to add or remove resources
(e.g., using custom APIs to do so). Although there are many potential providers of Cloud Computing

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 19
services in the marketplace, the means of engaging with each may be radically different as indeed may
be the charging mechanisms; i.e., it may be advantageous in one environment to avoid excessive
interaction between servers (to reduce network charges where these are paid for separately), in another
provider’s environment different configurations may be more cost-effective.
Resource Pooling
The NIST definition of resource pooling assumes multi-tenancy is being employed to enable services
to be offered to multiple consumers. It also implies location-independence; i.e., that the consumer has
little knowledge of and potentially control over the location where any resources reside physically
(e.g., country).
Consumer
For the consumer, resource pooling will mean understanding whether there is any impact from sharing
with other unknown customers and whether the other implied characteristic – i.e., that you don’t know
where exactly your computing resource or data is located – matters. The amount of information
provided by any provider regarding exactly how their Cloud Computing services are engineered will
vary as will the ability to independently verify their claims (if such verification is required). One may
be told that a service is shared or not, one may know that the underpinning infrastructure is
virtualized, and potentially which technology products have been used to do so, or one may not. Even
where some information is provided, one may find that providers have necessarily constructed very
specific product configurations including enhancements to create their Cloud Computing service, so
even knowing which product and product version were the source of their environment may prove to
be largely irrelevant from an assurance perspective. One may be offered certain guarantees regarding
location and security of service as well as other service levels in a Service Level Agreement (SLA) or
very little may be provided by way of assurance. Where a provider is located in a different country or
continent further considerations in respect of the applicable legal environment may ensue. For some
consumers a given provision of service in respect to an SLA and sharing will be sufficient to satisfy
any compliance and regulatory concerns and for others they will not. The judgment will depend
largely upon the risk tolerance of the consumer and their assessment of each characteristic in
comparison to their particular requirements. There really is no “one size fits all”.
Multi-tenancy and location-independence may or may not be of concern to consumers. Where the
consumer is represented by an enterprise choosing to utilize Cloud Computing for their IT services,
then the end user (e.g., their employee or customer), will have little say in the service that has been
procured and provided. For individual consumers (e.g., you or I as individuals choosing to use a given
service over the Internet), we can, of course, choose an alternative Cloud Computing service if we do
not like the details of the service on offer from a given provider. This works when there is clarity to
consumers as to the Cloud Computing services in use, but in many cases (e.g., an online retail clothes
store), someone buying some trousers may have little detail other than a vague perception of “who or
what” the organization is that provides the store and where that might mean their data resides and how
it is protected. Details, if provided, are generally buried in the small print “terms of service” which
many consumers accept without reading in detail.
Ensuring that resource pooling doesn’t adversely affect different consumers requires that solutions are
designed so as to adequately protect all consumers (tenants of the pooled resources) from each other,
both in cases of routine use and also against deliberate malicious attack.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 20
Provider
Providers of Cloud Computing services will in all likelihood be using multi-tenancy, virtualization,
and automation extensively in the provision of their services. Virtualization is the fundamental
technology for allowing sufficient abstraction between hardware and operating system resource and
any workload to make pooling resources possible. Through its use the basic administration of the IT
environment (e.g., hardware and operating system software or applications), can reside with the Cloud
Computing service provider with devolved administration provided to consumers sufficient only for
them to configure and run their individual services. Different consumers would not necessarily share
databases, application instances, and configuration information stores. In terms of what may be shared
in any Cloud Computing service there is a hierarchy of physical sharing, starting with the buildings –
i.e., you share data center space – proceeding up through the IT infrastructure (e.g., you share a
physical network connection to the Internet and to the IT hardware), to sharing physical servers and
storage. Virtualization will abstract the physical sharing and create the impression of exclusivity. The
extent to which different consumers trust virtualization products used in storage and server and
network will be a discriminating factor between some enterprises using public Cloud Computing
services and others not doing so.
Location will be of concern to providers as well as consumers. For providers, location-independence
and location diversity will be key in maintaining service (e.g., for protecting against loss of a data
center or power or network connectivity). For a provider wishing to provide Cloud Computing
services then the ability to provide data backup and replication to alternative locations, the ability to
move server resources, and even to host in multiple countries or continents may be fundamental to
gaining customer acceptance particularly where legal restrictions or physical data security
requirements are paramount. For SaaS and PaaS there may be certain levels of protection effectively
built into the application or platform service (e.g., routine backups and multi-data centre and even
multi-country hosting). For IaaS while the possibility to construct such resilience may exist, it may be
largely a matter for the consumer to select and configure the individual components required; i.e., to
copy data to disperse servers to construct failover configurations, in a very similar way to the case
today with on-premise IT solutions.
Developer
The extent to which developers will be affected by resource pooling – e.g., multi-tenancy or location-
independence – will vary. If a developer is constructing an application to be hosted on a Cloud
Computing IaaS, then the use of virtual infrastructure may make multi-tenancy largely irrelevant as
the virtual environment will not be shared and will provide the illusion of a physical single-tenant
environment. Location may be of concern if the application needs to retrieve or present significant
quantities of data and these are dispersed around the globe. Developers may still need to design for
service availability (e.g., for applications to be hosted upon multiple clustered or load balanced
servers), for backup and recovery of data. Monitoring, alerting, and scheduling may all require
development or at least integration with other non-cloud tools. For enterprises with established IT
services hosted outside the cloud, the ability to incorporate Cloud Computing services into their
systems and service management tools will be important; extending management networks to several
Cloud Computing services may require additional work on the part of developers. Services which may
routinely be assumed to be a given in on-premise developments (e.g., authentication and application
sign-on), may need enhancement to work with Cloud Computing services if users are not to be
inconvenienced with multiple sign-on and multiple ways of doing this or that task.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 21
Rapid Elasticity
Consumer
One of the key concepts behind Cloud Computing is the ability to have a flexible computing service
(whether application or infrastructure) which you can expand or contract in line with business
demand. Elasticity and particularly “rapid” elasticity is the essential characteristic which enables this.
For consumers, although there are many potential reasons for adopting Cloud Computing (see Cloud
Computing Benefits and Cloud Computing Issues) one of the most prevalent is the ability to provide
or remove significant capacity almost instantaneously which might be impossible from an in-house
implementation or at least impossible without significant investment in resources.
Where workloads are variable or unpredictable or indeed for testing or trying out new business
concepts there are clearly advantages to being able to purchase a Cloud Computing service on a pay-
as-you-go basis which could grow or shrink in line with the demands upon it. That Cloud Computing
provides this capability is not an excuse for not planning or understanding the potential business
demands. Modeling the effects of different usage versus the charges from a Cloud Computing
provider will still provide valuable information to a business to allow it to understand its operational
costs. Pay-as-you-go procurement does, however, minimize the risk of operations where significant
capital outlay would be required based upon capacity estimates which might prove inaccurate
resulting in over or under capacity and the associated negative impacts of either.
There is a clear impact upon business finance from a change in how IT services are purchased. Capital
Expenditure (CAPEX) on hardware and software will be replaced by ongoing Operational
Expenditure (OPEX) for effectively rental of a Cloud Computing service. While the NIST definition is
clear that rapid elasticity is an essential characteristic for Cloud Computing, consumers need to
understand for any given service they purchase exactly how this capability is provided and what they
need to do to ensure its exploitation. With SaaS and PaaS, this may largely be accomplished by the
provider with charging based upon real transactions or user utilization. With IaaS it may be that the
consumer still needs to design an effective application and infrastructure solution to exploit rapid
elasticity. For example, IaaS providers let you schedule and run as many virtual servers as you wish
(though significant numbers may require advance notification), it is for you to determine how many
are required to host your application(s). You may need to perform your own monitoring of capacity
and utilization to ensure that excess virtual servers are stopped when not required or conversely that
additional ones are started when demand exceeds the resource available. The same architecture and
design practices employed in traditional IT solutions will still be necessary to allow the flexibility of
Cloud Computing to be exploited in this scenario, the difference being how you add or take away
resources and the impact this has upon your eventual costs. As many in-house IT environments are
still comparatively rigid with respect to server/application allocation (despite the increasing use of
virtualization), these practices may not be as well established as you imagine and existing application
environments ported to Cloud Computing will certainly need review and potentially enhancement.
Paying for what you use as you use it has its advantages certainly, but it also requires that consumers
understand the details of what they are billed for and when and exploit the facilities available to divest
excess capacity when it’s not required.
The offers available from different providers may be complex. Different applications (albeit that they
provide the same business function), may be charged by transaction or users or data quantities, or even
in the case of infrastructure, different virtual machine sizes with different amounts of memory,
processor, and storage and different regimes for charging for the use of networks. Consumers will
need to understand the competing offers and contrast these to requirements, assessing both technical

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 22
fitness-for-purpose as well as the commercial advantages, often against a range of possible usage
scenarios. Comparison with internal IT costs may also prove challenging as these may be difficult to
express in a sufficiently like-for-like way.
Despite rapid elasticity and the illusion it provides that cloud services can be “purchased in any
quantity at any time”, in reality capabilities will be limited. Providers will always have some
limitations on their capacity, finite numbers of data centers, servers, and application instances. Over
capacity costs Cloud Computing providers in the same way that it does any organization that owns
and operates data centers or application services.
The mass pooling of consumers to Cloud Computing providers helps to alleviate many of the issues
which frustrate enterprises running their own IT – peaks and troughs of demand can be balanced
between consumers to help to maximize utilization. Consumers may be from different industries or
geographies making it far less likely that business peaks and troughs will occur at the same time.
Notwithstanding this, consumers may still find that there are limitations to their ability to purchase
from any Cloud Computing service. There may be very real resource issues arising from over-
utilization (e.g., an inability of the provider to react quickly enough to grow their capabilities). There
may be barriers established to require either additional financial verification before allowing
purchases above a certain financial value or above a certain number of application, or infrastructure
resources. Default accounts may allow only limited usage. Pre-notification may be necessary before
substantial resources can be scheduled. All these facets need to be established by consumers as part of
their research into competing services and the necessary activities planned to counter any restrictions.
Price points may vary depending on the capacity purchased, thus rendering financial models based
upon incorrect assumptions of usage incorrect.
For the consumer of Cloud Computing services, rapid elasticity provides an assurance of ongoing
service availability. If the service can expand or contract in line with use then there is an increased
likelihood of continuity of service, even in situations where numbers of consumers are growing. This
assumes that the implementation of rapid elasticity has been successful, not only by the Cloud
Computing provider in their IaaS, PaaS, or SaaS offering but that this has also been embedded in the
developments of the services hosted upon or extending these services.
In summary, Cloud Computing has the potential for rapid elasticity. The extent to which any
individual provider of Cloud Computing services is able to provide this is more open to question and
the responsibility lies with the consumer to establish the fitness of any provider’s service. Infinite
everything instantaneously is certainly not a valid assumption upon which to proceed.
Provider
For organizations providing Cloud Computing services, the challenge is to attract and retain
consumers of their services and to do so while making a healthy profit. Forecasting how many
consumers will use how much and when is radically different from the same exercise undertaken for a
single organization with established patterns of business activity. Over-capacity will cost in respect to
infrastructure and applications deployed but not sold, under-capacity may lose customers and revenue.
Providers can work to mitigate some of these issues, through extensive analysis of consumer behavior,
establishing purchasing relationships with hardware and software vendors which allow for buffers of
excess capacity to be maintained at minimum cost, and to reduce delivery and implementation lead
times. Extensive use of virtualization, automation, and indeed process improvement can all be used to
advantage; making it easier to add, remove, or just re-allocate capacity. Risks might be offset through
the use of multiple suppliers (e.g., application providers could use infrastructure services from
multiple providers).

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 23
In many ways the situation becomes analogous to the forecasting and service provision undertaken by
utility companies. We have long become used to “electricity on-demand”; we expect when we turn on
a light switch that there will be sufficient electricity to power the lamp and certainly don’t expect that
we personally have to notify the utility companies in advance that at 17:30 tomorrow afternoon we
will require another 60 watts. The utility marketplace in most countries has matured to the extent
where usage can be predicted and provided to cater for the popular peaks of meal times, breaks in
television shows, and changing climatic conditions. Different means of generation are used to provide
baseline predictable capacity and additional capacity retained which can be brought online almost
instantaneously.
But at least in the case of utility companies the products are well defined – electricity, water, gas. The
Cloud Computing landscape is rather different. Even within a given service model (e.g., IaaS),
products vary from one provider to another (e.g., storage, storage with replication, virtual machine
servers of differing CPU sizes and numbers). Once we get into software, whether at the operating
system, middleware, or application level, the variety increases to the number of software vendors.
Providers may choose different means to help refine usage and forecasting (e.g., requesting advance
notification of usage above a certain amount), providing reduced prices for consumers who will be
willing to subscribe to lower service levels, establishing price boundaries and pricing patterns which
encourage or discourage consumer behavior (e.g., to make it more predictable).
Developer
For developers, the impact of rapid elasticity varies according to the Cloud Computing service being
developed. If a developer is working to develop a solution for deployment on a purchased IaaS then
the impact is greater. There are requirements to ensure that the elasticity of IaaS is exploited within
the application software (e.g., that usage is monitored and configuration changes executed to either
add or remove IaaS resources to suit). Some facilities may be provided by cloud providers to assist in
this regard, to monitor clustered server status, and to extend clusters, but the responsibility for
designing and implementing a successful solution will lie with the consumer and their developers.
Many of the considerations are the same as for developing a similar solution on-premise – the size of
databases, data design, application scalability, etc. – but the means to implement the chosen solution
may well vary because of limitations imposed by the service provider.
How extensible any given solution has to be still depends upon the market and purpose for which it is
being developed. Some applications may have very limited target consumers while others may be for
mass market and virtually unlimited use. Developing for a PaaS or SaaS may still require explicit
actions on the part of the developer if elasticity is to be successfully harnessed in the resulting
application, but the means for doing so may be largely determined by the PaaS or SaaS provider. Just
as understanding exactly how this characteristic has been implemented by Cloud Computing providers
is important to consumers in selecting between competing offers from a financial perspective, it is also
an important consideration insofar as future development is concerned. The impact upon developers
from different competing Cloud Computing services needs assessment. If it makes development more
complex, then it will be more costly and potentially more protracted. If one is porting an existing
application from an on-premise solution then this may be of particular concern as re-architecting and
re-designing an existing application can be more difficult than embedding features at the outset.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 24
Measured Service
Consumer
Consumers will require sufficient measurements from their Cloud Computing service to enable both
financial and operational judgments to be executed successfully. Services are generally charged per-
use, thus it is immediately obvious that usage must be measured. This may require many different
components to be measured separately (e.g., in IaaS charges are often distinctly calculated for storage
occupied, network data transfers, IP addresses, virtual servers). Each will require measurement to
ascertain number, size, quantity, and usage over time as appropriate to the charging regimes in place.
Similar measures will be required for PaaS and SaaS though from a consumer’s perspective they may
be represented differently and include per-user and per-business/software function calculations as well
as or instead of measures of infrastructure consumption.
Consumers need to be able to determine: should a given service be run in the cloud at all, or is it
cheaper with another provider or on-premise? While there will be an initial upfront choice based upon
forecast usage and published charging regimes, the choice made should be re-evaluated over time and
depending upon usage, the balance may well shift one way or the other. Operationally, consumers
having purchased a given Cloud Computing service will want to understand whether it is functioning
as it should (e.g., is the service up or down, is it working, is it performing?).
Where an organization already has on-premise solutions in all likelihood consumers will want to
integrate information about their Cloud Computing services with existing management tools to create
a full picture of their whole organization’s IT services. The ability to capture operational details in an
automated fashion in well-defined (ideally standards-based) formats will be necessary to make this a
reality without undue effort. Once a consumer has an established Cloud Computing service provider
there may well be further issues from expanding use to other business functions where a granularity of
charging is required (e.g., one may wish to ascertain separately the costs and operational performance
of an accounting system running in the cloud from a purchase order system). If these are all from the
one provider, then there needs to be a means of readily separating one from the other.
Consumers may indeed be outsourcing organizations themselves operating many IT solutions on
behalf of many customers. This may require additional features both with respect to service measures
but also to enable account aggregation/dis-aggregation. Services with good service-level measures and
monitors have increased availability and performance resulting in a better level of service to
consumers.
Provider
Providers will need to provide sufficient information upfront as part of their published charging
regimes to allow consumers to make informed choices regarding their purchases. Ongoing, they will
also need to provide sufficient detail to allow solutions to be managed operationally, including
integration with on-premise management solutions where this is a requirement. Providers will also
need to provide for accurate and detailed charging for their services. The level and detail regarding
charges will rely upon what can be measured accurately. This will depend upon what the competitive
market will bear, and will need to cover costs which, depending upon whether the solution being sold
is IaaS, PaaS, or SaaS, will include hardware, software, people, facilities, etc. Consumers may
represent individual organizations or multiple parties and, therefore, measurements may need to be
aggregated or not depending on the scenario. For example, in the case of an outsourcer, who in turn
provides services to multiple customers of its own, measurements may need to be aggregated to allow
the full cost and performance of services provisioned to be managed.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 25
Developer
Developers will rely upon the presence of service metrics to enable effective management of
resources. Although many of these may be available in much the same way as for any non-cloud
implementation and indeed if purchasing IaaS much more under one’s own control, there may be
limitations particularly with PaaS and SaaS solutions. Constraints could apply to what is available to
assist with managing the resultant solution, whether this is capacity/usage or real-time performance
metrics. Optimizing any implementation requires that developers understand and exploit the platform
upon which they are developing. This may require more or less effort from the actual developer as
certain platforms and tools encompass features and facilities to assist with optimization. Nonetheless
where you pay for what you use, usage is a concern; over-use will result in increased charges and
potentially a financially unviable solution. Whereas one may find that storing excess copies of data in
an on-premise application is merely an inconvenience; e.g., where that storage exists already and
would otherwise merely be unoccupied but still in the data centre and attracting maintenance and
operational charges. The same scenario in a Cloud Computing implementation will result in real
expenditure which could otherwise have been avoided.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 26
Service Models Explained
There are three options for Cloud Computing service/delivery models as defined in the NIST
definition:
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)
One can draw an analogy between Cloud Computing service models and the traditional computing
environment. Typically, to deploy an application we consider three layers, namely infrastructure,
middleware, and then the application itself. In a traditional environment the infrastructure layer
contains physical hardware (though in some cases it may be virtualized) providing computing power,
network, storage, and operating systems. Similarly, IaaS in Cloud Computing represents the
infrastructure layer composed mostly of virtualized environments providing computing power,
network, storage, and hosting operating systems and is made available to consumers as a service. In
traditional environments, middleware represents application server, web server, database systems,
supported programming environment, and tools. Similarly, PaaS in Cloud Computing represents the
middleware layer where supporting the platform is already installed for the consumer; i.e., decisions
have already been made on programming, application, and database environments for the consumer.
Finally, SaaS in Cloud Computing is similar to any application in a traditional environment but
deployed on a cloud environment, satisfying all the essential characteristics of Cloud Computing and
made available as a service to consumers over the Internet. Figure 7 illustrates the analogy between
Cloud Computing and traditional computing that we operated for the past decade and a half or so:

Figure 7: Traditional IT versus Cloud Computing
Though there are analogies and similarities between traditional computing environments and Cloud
Computing, there are also some key differences as summarized in Table 1.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 27
Table 1: Practical Differences between Cloud Computing and Traditional Environments
Characteristics
Cloud
Computing Traditional Comments
Time before service
can be accessed
Minutes/
Hours
Days/Weeks Once the Cloud Computing
environment is set up initially, you can
gain access faster than in traditional
environments where lead time is
needed for installation, set-up, and
configuration.
Capital expenditure
(CAPEX)
Pay-as-you-
go, Variable
Upfront cost,
Fixed
The pay-as-you-go model for Cloud
Computing reduces or eliminates the
large upfront costs incurred in procuring
hardware and software and standing up
traditional environments.
Economies of scale Yes, for all
organizations
For large
organizations
only
Cloud Computing not only provides cost
advantages in procurement of hardware
and software, it also provides cost
advantages from improved productivity.
Traditionally, lessons learned from one
environment must be duplicated in
other environments but, with Cloud
Computing, once the best practices are
applied they benefit all consumers.
Multi-tenancy Yes Generally no,
but can be
found in
application
hosting
Multi-tenancy if properly applied to
Cloud Computing allows providers to
effectively host multiple consumers
across shared resources. Whilst more
readily enabled in IaaS through the use
of virtualization, PaaS and SaaS
vendors may need to undertake
significant re-architecting of their
platforms or applications to apply multi-
tenancy to these elements as well as
infrastructure. Where this has not been
undertaken, consumers may find that
their platforms and applications are not
as elastic or cost-effective as
anticipated.
Scalability Elastic and
automatic
Manual Cloud Computing resources can often
be scaled up or down automatically,
whereas human intervention is usually
needed to add hardware and software
in traditional environments.
Virtualized Usually Sometimes Cloud Computing environments are
usually virtualized, whereas traditional
environments include a mix of physical
and virtualized infrastructure.
When deciding on a service model for Cloud Computing, a consumer needs to consider how much
control of the environment they would like to keep and how much they are ready to relinquish to
cloud providers. IaaS allows the maximum control of the environment to the consumer and SaaS the
least. On the other hand, consumers of SaaS will need to put in the least effort to scale whereas
consumers of IaaS may well need to undertake significant work to ensure their environment can be
scaled effectively. Understanding this difference is another factor to be considered in deciding upon
the appropriate cloud service model.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 28
In addition to these three service models, there is traction in the industry for Business Processes as a
Service (BPaaS). Proponents of BPaaS contend that BPaaS is more than SaaS; rather it is about
creating unique business processes in a value chain to connect multiple business processes from
multiple organizations in the ecosystem. BPaaS is about choreographing or orchestrating these unique
business processes connecting multiple trading partners. In the BPaaS service model, the consumer
has the ability to use the provider-defined business processes running on cloud services. The business
process interfaces with various client devices through lightweight interfaces such as a web browser or
email. The consumer does not manage or control the underlying cloud platform and infrastructure
including network, servers, operating systems, storage, business process management platform or even
individual business processes, and underlying application capabilities, with the possible exception of
limited consumer-specific process configuration settings. An example of BPaaS would be “process
healthcare claim” that has become a commoditized IT solution for healthcare insurers and payers.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 29
Deployment Models Explained
There are four options for Cloud Computing deployment models as defined in the NIST definition.
Public Cloud
A public cloud delivers services to any party on the Internet. In this cloud deployment model cloud
providers make resources, such as applications and storage, available to the general public over the
Internet. “Public” does not mean it is free and also it does not mean a user’s data is visible to the
public at-large. Cloud providers implement mechanisms to provide access control rights to users. The
main benefit of using a public cloud is easy and inexpensive set-up because hardware, application, and
bandwidth costs are covered by the provider. It has the additional benefits of elasticity and scalability
to meet demand and eliminates resource wastage because one pays only for what is used. Examples of
public cloud may be simple backup and storage services for home computers and personal files or
more sophisticated infrastructure platforms in the cloud for deploying applications and web services,
such as CRM, travel, and email services.

Figure 8: Simple Cloud Computing PC Backup Service
Figure 8 illustrates the Smith family members leveraging public cloud infrastructure to store, backup,
and share personal files and data.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 30

Figure 9: Use of the Public Cloud
Figure 9 illustrates cloud application for an enterprise deployed on a public cloud platform being
accessed by users from the enterprise itself and its trading partner.
Private Cloud
A private cloud delivers services to a single party (e.g., an organization) and is operated solely for that
party. The service might be managed by the organization themselves or a third party but its private
nature means that there are fewer concerns regarding security exposure, network bandwidth, etc. than
using public cloud services might entail. In addition, private cloud services offer the provider and the
consumer greater control of the cloud infrastructure, improving security and resiliency because user
access and the networks used are restricted and designated.
Private cloud is useful for larger enterprises. Different departments of a large enterprise may
encounter peaks in workload at different times in a month, in a quarter, or in a year. For example, a
finance department has increased workload during quarterly close and a payroll department during
payroll days at the middle and end of the month. During the workload peaks each department requires
enough computing power to handle their peak workload even though their average everyday workload
for the rest of the month or year is much lower. Having a private cloud in an enterprise allows these
peaks and troughs to be offset. This approach can deliver significant savings across the enterprise.
Community Cloud
Community clouds are clouds that are tailored to the shared needs of a community such as aviation,
healthcare, etc. Community clouds provide opportunities for enterprises with like concerns to share a
Cloud Computing environment, thus expanding upon the number of either applications or
infrastructure components which may be provided as services and achieving greater consolidation and
efficiencies of operation than would be possible for each organization on its own.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 31
Examples might be central government departments, where there are often similar security concerns to
be addressed which might preclude the use of public cloud but may be readily accommodated for a
government community cloud. Other examples could be a legal community that might decide to make
available legal briefs, filings, and decisions on a community cloud for the entire legal profession to
share, as shown in Figure 10.

Figure 10: Example Legal Community Cloud
A consortium of schools might decide on setting up a community cloud for processing student
applications. The aviation industry might decide to create a community cloud to share safety and
maintenance records of aircrafts and their parts from airlines and aircraft manufacturers worldwide to
improve public safety and to optimize the maintenance cost in the aviation industry as illustrated in
Figure 11.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 32

Figure 11: Example Aviation Community Cloud
Hybrid Cloud
Hybrid cloud is a combination of public and private clouds interoperating and working together. In
such scenarios it may be beneficial for some services – e.g., data, identity, security – to be federated
by an aggregator or a broker. In this model consumers typically place non-business-critical
information and processing on the public cloud, while keeping business-critical services and data in
the private cloud. The “cloud bursting” approach uses the hybrid cloud deployment model to
dynamically deploy software applications running on a private cloud or on-premise compute resources
to public cloud to address spikes in demand for the compute resources.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 33
Other Characteristics and Attributes
There are additional characteristics and attributes that strengthen the definition of what is and what is
not cloud. These characteristics are touched upon within the essential characteristics and are further
explained in this section.
Multi-Tenancy
Multi-tenancy is an important part of resource pooling, an essential characteristic of Cloud
Computing. It allows infrastructure, platform, software, and application instances to serve multiple
users/client providing a secure environment for each.
How multi-tenancy is enabled depends on the service model. For example, in the case of IaaS, multi-
tenancy of the underlying infrastructure is enabled by the virtualization of the infrastructure resources.
Multi-tenancy of a software application depends on the application architecture and whether it is
architected and designed to partition data and configuration for each client organization. The majority
of today’s applications are designed for a single tenant. One may not be able to retrofit to a multi-
tenant model without significant re-architecting.
Multi-tenancy depends on other characteristics such as provisioning, metering, and billing. It requires
the ability to provision for each tenant infrastructure, platform, software, and application services in
addition to user provisioning typical for existing applications. It also requires metering for usage both
at the infrastructure services level and at the software/application services level for charge-back or
billing.
Enabling Technologies
Virtualization
Virtualization is one of the most important enabling technologies for Cloud Computing. Virtualization
can be achieved at multiple levels. Hardware virtualization enables consumers to request logical
partitions of processor, memory, and storage. A workload manager monitors CPU demand and usage
and employs policies and SLAs to determine how much CPU resource is allocated to each logical
partition. Software virtualization occurs at the software layer and requires virtualization software to
manage multiple guest operating systems residing on the same physical server hardware. Each guest
operating system is isolated and unaware of other guest operating systems. Software virtualization
enables cloud management systems to rapidly relocate virtual machines in case of failure, taking
unused virtual servers offline, the movement of over-utilized virtual machines to physical machine
with unused resources, and the instant deployment of virtual servers online. As such, virtualization
enables many of the essential characteristics of Cloud Computing and hence is an important enabling
technology for Cloud Computing, albeit that Cloud Computing is not just virtualization. More on the
misconception that Cloud Computing is another form of virtualization later in this paper.
Service Oriented Architecture (SOA)
Cloud Computing depends on the core principles of service-orientation and the SOA concepts are at
the heart of Cloud Computing. SOA is an architectural style that relates (decouples but connects)
service providers and consumers through a set of service descriptions – interfaces and policies, using a
set of architectural principles such as modularity, encapsulation, loose coupling, separation of
concerns, composability, etc. These SOA principles enable cloud applications to scale better. The

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 34
more loosely-coupled components are in a cloud environment, the greater the chances are for cloud
applications to scale. If a component fails or underperforms, the negative impact will not be seen by
other components if the components are constructed in such a way that are loosely coupled and could
continue to perform normally. The best practices of service-oriented modeling, analysis, and design
are employed in identifying cloud services and designing cloud applications especially for SaaS
offerings. SOA is also a programming model with a set of standards and tools that the cloud developer
can still employ to develop cloud services. The relationship between Cloud Computing and SOA is a
two-way relationship. On one hand, the SOA paradigm enables the realization of some of the essential
characteristics of Cloud Computing and, on the other hand, deploying services on a cloud environment
at an organization improves the maturity of the organization in their SOA journey.
Figure 12 illustrates The Open Group Service Integration Maturity Model (OSIMM) [2] that assesses
the maturity of an organization in seven domains. These domains are: business, governance and
organization, methods, applications, architecture, information, and infrastructure and management.
These are mapped to seven different levels of potential maturity. By leveraging the cloud environment
to deploy SOA and services as illustrated in the OSIMM maturity framework, organizations can move
up in the maturity curve. Generally speaking a maturity level of six is attainable in some of the
domains through the deployment of services and SOA in a cloud environment. At a maturity level of
six, services are virtualized services, consumers invoke a “virtual service”, and the services are loosely
coupled from the infrastructure on which they are running, thus allowing greater opportunities for the
composition of services and ability to sense and respond. Deploying SOA in a cloud environment
facilitates the achievement of maturity level six in OSIMM.

Figure 12: The Open Group Service Integration Maturity Model (OSIMM) [2]
Internet
One of the bedrock characteristics of Cloud Computing is broad access to cloud services over the
network. Internet technology, standards, and protocols are at the center of providing this broad

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 35
network access in the Cloud Computing ecosystem, both for access using the Internet itself or
corporate networks in the case of private clouds. Cloud Computing leverages many of the prior
innovations in IT over the past 40 years. There are similarities in the evolution of the Internet in the
1970s-80s and the evolution of Cloud Computing that we are experiencing in the 21
st
century. The
evolution of the Internet enabled new kinds of human interaction such as email communication and
more recently social networking. In a similar fashion the evolution of Cloud Computing enables
different forms of interaction among organizations and individuals in terms of how they conduct their
daily business. Cloud Computing has enabled new kinds of interaction between consumers and
providers, between businesses and their partners, between business and IT vendors in terms of sharing
resources such as infrastructure, software platforms, and even software applications, services, and
business processes. The result is a very different way of doing business to traditional enterprise
models with businesses able to transform the speed and efficiency of ecosystem operation.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 36
Common Misconceptions Regarding Cloud Computing
Misconception 1: IaaS/PaaS/SaaS
While the NIST and other popular definitions of Cloud Computing have helped to define what Cloud
Computing is including the “aaS” as a service component of Cloud Computing, the relationship
between these three manifestations of cloud service has become blurred.
The Cloud Computing service models are often depicted as shown in Figure 13:

Figure 13: Cloud Computing Service Models
This illustration implies a relationship between IaaS, PaaS, and SaaS and gives rise to the idea that the
three service models are necessarily layered one upon the other. Although both software and platform
services will rely upon some elements of infrastructure (the fundamental “plumbing” of IT; e.g.,
servers, network, storage), to infer that all SaaS is founded upon a PaaS and that in turn upon IaaS is
an extrapolation which will not stand closer analysis.
Were this true, then for the service model and characteristics of Cloud Computing to apply then each
layer would have to be separately deliverable as a service with all the attendant components allowing
metering, account management, billing, self-service, etc. In reality, in a given purchase or
consumption of Cloud Computing services, the interaction is with one of these layers. One is either
buying or consuming software, platform, or infrastructure. That the means by which the provision of
this service is achieved is invisible and of no concern is one of the founding concepts of Cloud
Computing. Although it is tempting to assume that all sellers of SaaS services have reached extremely
high levels of maturity in their provision of infrastructure, that they employ sophisticated and highly
effective virtualization, for example, may not actually be the case. At the level of service interaction of
a consumer of SaaS it will not be apparent and nor should it be.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 37
Misconception 2: Private Clouds Don’t Exist
The NIST definition which we have examined at some length in this White Paper provides a definition
for a private cloud deployment model.
According to NIST:
“The cloud infrastructure is operated solely for an organization. It may be managed by the
organization or a third party and may exist on or off-premise.”
Some might question whether private clouds really exist. Can we really satisfy all the essential
characteristics of Cloud Computing within an infrastructure operated for a single organization? Would
such an implementation just be virtualization and haven’t organizations already done this?
If we continue to support the NIST definition, then as long as we really satisfy the essential
characteristics, perhaps we can have a private cloud. So, if we have:
• On-Demand Self-Service
• Broad Network Access
• Resource Pooling
• Rapid Elasticity
• Measured Service
in our “single organization infrastructure” whether on or off-premise and whether operated by the
organization itself or by a third party, we surely have a private cloud. Taking each in turn:
On-Demand Self-Service
Could we have such a service in place for just the one organization? Surely yes, whether this is
through a specific implementation of a technology solution developed for a multi-tenant solution in a
public cloud or whether it is slightly different (e.g., perhaps a development of a similar “sign-on and
administration portal” accessible only within the organization). Perhaps in an internal implementation
rather than fully-fledged purchase/payment mechanisms there are internal recharging facilities.
Unless this could be fairly simply assembled and require little effort to manage and operate, the
question might be whether it was really worth it. For one organization, how many services are going
to be running on this cloud, and how many will be added, changed, or removed over time? Initial
thoughts might suggest not so many, but in reality many organizations are running applications or
services which number in the hundreds, across a diverse and potentially distributed (geographic and/or
functional) organization. Providing a readily accessible area where these could be optimized within a
private cloud might still prove to be worthwhile and many of the benefits of Cloud Computing will
still accrue.
Broad Network Access
In the case of a private cloud, one might have to temper the definition of “broad”. We can still have
access for multiple end-user devices using standards-based methods. Access might still also be
possible over the Internet and then into our private cloud. As long as the potential exists for all the
organization’s users or customers to have access then perhaps access is broad enough for our
definition.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 38
Resource Pooling
Satisfying this characteristic is rather different and depends upon the level of interpretation one puts
upon “tenant” and “consumer”. If we have a large and diverse organization with multiple applications
and multiple responsible organization entities then perhaps tenants are different business area owners
or different application or business processes. This concept of tenancy could extend to all the users of
our applications (e.g., only employees or customers or in some cases external members of the public).
True location-independence may be less of a reality but certainly still largely invisible to consumers.
Many existing organizations own/operate networks of data centers hosting their applications, spanning
not only geographic locations within a given country but also globally. Even without private cloud,
consumers of an organization’s IT services may have little idea where these are hosted or nor indeed
care.
Rapid Elasticity
Rapid elasticity may still be a characteristic of a private cloud, the ability to expand and contract in
response to demand can certainly be accomplished particularly in a highly automated, virtualized
environment. One could automate the creation of additional virtual machines in response to business
demand and delete them when demand ceases. There will, however, be a finite limit to the expansion
– the available resources of the organization; e.g., servers, network capacity, data centre space. While
this is also true of providers of public cloud services, one organization alone will generally be less
able to afford an extensive holding of spare capacity “just in case”. It just wouldn’t make financial
sense to do so, unless there was a very real likelihood of the resources being consumed at some future
point. Organizations can offset the purchase of capacity, particularly where the pattern is continuing
overall growth through arrangements for on-demand procurement with hardware vendors, for
example. This arranges for the next capacity uplift to be already onsite but just not in use, but even in
these circumstances there are finite limits to what is available and it is reasonable to assume that the
available capacity is still far less than might be assumed in the public cloud.
While many might assert that this characteristic is typified through merely having a virtualized
infrastructure, it is important to remember that rapid elasticity will require both significant automation
and also interaction between applications and infrastructure to understand demand and to schedule up
or down the available resources. If expansion requires manual processes and configuration
amendments (e.g., to software or configuration parameters by system administrators) then any elastic
change will certainly not be “rapid”.
Measured Service
Although on-premise IT services, almost without exception, encompass various levels of monitoring
and measurement (e.g., for operational performance, for capturing failure conditions), this
characteristic requires all those measures which allow the automation of multi-tenant operation (even
where this is comprised of different applications or services for the one business organization). One
still needs to be able to cost the operation of each service or application running in the environment, to
provide these measures to enable purchase/use decisions; i.e., to help establish the business value of
IT. Effectively one should be able to “bill” each service according to its use of the private cloud.
So will your normal traditional on-premise IT system management and monitoring tools be able to
fulfill this requirement? This level of usage and charging and accounting has not always been
important for internal IT organizations. This has rarely been achieved within traditional IT where
basic measures against SLAs in respect of uptime and performance have been more important given

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 39
that the IT resources have already been acquired and the purchase and ongoing run decisions already
justified.
If you look at your use of private cloud in the same way as any other cloud and require that use is
financially justified, costs are understood and budgeted for by the business departments responsible,
then a similar level of transparency of the cost of doing business can be obtained from an internal IT
operation as from any other external service procurement. Where a given service could be hosted
within a private or public cloud having the ability to properly compare will also be facilitated if the
private cloud delivers a truly measured service. Really understanding the cost of on-premise service
provision (which will be necessary to produce accurate billing) will also make inefficiencies more
apparent and provide opportunities to further reduce costs.
With the continued growth in the interest in Cloud Computing, the attractiveness of private clouds has
not gone unnoticed by consumers and providers alike. Some of the most often quoted reasons for not
using Cloud Computing are concerns regarding security; e.g., where will your data be hosted, how can
you be sure it is being maintained and managed securely when you're sharing a server with completely
different companies? Private clouds can be a means for avoiding many of these security concerns.
Contrasted against this, the effort required to build a private cloud infrastructure bottom-up – the
virtualization, management, automation, and monitoring and measuring services – is a significant task
and one potentially beyond an organization’s abilities or at least prohibitively costly. To this end
“private cloud in-a-box” or “private cloud appliance”-type solutions are now available whereby either
one or a number of hardware and software vendors are selling preconfigured infrastructure which
provides these capabilities.
Misconception 3: Multi-Tenancy is a Given in Cloud Computing
For SaaS providers, the re-architecting of single tenant applications to achieve an SaaS multi-tenant
Cloud Computing implementation may require significant development investment. Although in
Figure 14 below it may seem trivial to add the appropriate access control and robust and secure
segmentation of data and configuration items required for each tenant, in practice this may require
fairly fundamental re-architecting of the application.

Figure 14: SaaS Single and Multi-Tenancy

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 40
Therefore, although it might not be the best long-term financial model to sell single-tenant instances
of an application as SaaS, this may be an appropriate interim measure. Developing the external face of
the SaaS solution would necessarily take precedence to engage with the marketplace, whereas the later
efficiencies of re-developing the application to allow multi-tenancy occupation of a single instance
might well be deferred, perhaps to take place in line with a major version enhancement.
From the perspective of the consumer of a Cloud Computing service, one may not know without
detailed discussions with any service provider which of these models is in use. Some providers may
advertise that they are operating multi-tenant, others may not, and indeed some may do both (e.g., to
cater for different requirements which would otherwise prohibit a sale). Examples of such criteria
might be legal restrictions on the location of data stores, significantly different service-level
requirements, etc.
Misconception 4: Cloud Computing is Always Cheaper than an On-Premise
Service
One of the principal benefits claimed for Cloud Computing services is financial; i.e., that it is cheaper.
Most of the references quoted by Cloud Computing vendors – e.g., Amazon Web Services on their
Economics Center [3] and in specific publications such as the Economics of the AWS Cloud versus
Owned IT Infrastructure [4] – make this claim and, in the difficult economic times that have prevailed
recently, it is a strong lure for potential customers.
Contrasting views have also been published (e.g., McKinsey & Company Report: Clearing the Air on
Cloud Computing [5]) which attracted considerable comment with its analysis of both Cloud
Computing and the cost versus benefits of Cloud Computing and traditional IT.
Although financial benefits certainly are possible from using Cloud Computing, each case must be
assessed based upon its own merits; i.e., an individual analysis taking into account the real costs for
the enterprise of the alternatives. That a given solution was financially beneficial to one organization
and Cloud Computing was the right choice for them, does not necessarily make it so for another. Costs
for providing non-traditional IT solutions will vary between organizations as indeed will the finer
details of exactly what each Cloud Computing consumer intends to implement. Even where the
fundamental requirements may appear to be the same, different approaches to risk management may
make the resultant solutions vary considerably – as therefore will the costs vary. Where one
organization requires greater assurance with respect to data security, for example, then additional
measures may require development over and above the default Cloud Computing offerings, all of
which will result in additional expenditure.
Where a solution requires integration with existing legacy then the benefits of Cloud Computing may
be reduced by the additional efforts necessary to satisfy this integration. Simplistic comparisons exist
between traditional IT and Cloud Computing alternatives, but rarely do these take into account all of
the factors relevant to every organization. In a fast-changing marketplace where prices and pricing
structures are variable (for example, simple pay-as-you-go charging has been supplemented by some
vendors with alternative costs for reserved capacity), analyses undertaken in the past may no longer be
relevant and should be treated with caution. There really is no short-cut alternative to you undertaking
your own comparison using a proper estimate of your traditional IT solution and its financial
costs/benefits with a realistic assessment of the Cloud Computing alternative (including any necessary
integration).

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 41
The nature of Cloud Computing – pay-as-you-go – also makes it necessary to understand the capacity
requirements in some detail. Over and under-estimation of requirements will result in a
misunderstanding of the costs and a very real difference in the resulting ongoing bills for Cloud
Computing services. While this is also true for traditional IT operations, and indeed may be perceived
to be lower risk for Cloud Computing where you can just pay for the next use as a small increment
rather than perhaps investing in a new storage array or new physical server in your data centre, it
requires a level of maturity in capacity planning that not all organizations have attained. Traditional IT
solutions have been built for estimated capacities (usually with in-built excess “just in case”) and
monitored for usage and growth thereafter in a very reactive manner in line with the ability to
reactively manage resource additions/deletions.
Our White Paper: Building Return on Investment from Cloud Computing [6] explores this area in
more detail providing an analysis of how to build and measure ROI that will help businesses reap the
benefits of Cloud Computing and take advantage of its potential for incremental improvement and
disruptive transformation of business processes.
Misconception 5: Cloud Computing is just Virtualization by Another Name
Virtualization first appeared in mainframes in the 1960s but has come to the fore as the means to
consolidate and manage the server sprawl many organizations have found since widespread adoption
of commodity x86 hardware in the form of distributed servers. Mainframe implementations of
virtualization allowed many users and software programs to run effectively, sharing expensive
mainframe hardware, but with the appearance of smaller, cheaper distributed systems many businesses
increasingly adopted a one application per server installation pattern. This has resulted in server
environments numbering not only 100s but often 1,000s, each of which might typically be only 5-15%
utilized.
Virtualization provides for the abstraction of the software environment (operating systems and
applications) from the hardware upon which they run. This has numerous advantages (e.g., the ability
to run multiple operating systems on a single physical server, increased utilization, reduced power and
space requirements, the ability to run legacy software on up-to-date hardware). Virtualization software
intercedes between the hardware and the virtual machines ensuring that each virtual machine has
access to CPU, memory, network, and disc resources. Importantly the operating systems and
applications are able to run unchanged in the virtual environment; i.e., just as if they were still resident
upon their own dedicated physical server. That the virtual machines are isolated one from another on
the physical server makes it possible to run workloads without concern for the failure of one
impacting the other.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 42

Figure 15: Server Virtualization
Against a background of low utilization, virtualization allows workloads to be consolidated and the
number of physical servers reduced.
Virtualization has the following characteristics:
• Isolation – Virtual machines are isolated from each other, thus problems and failures within
one do not affect the operation of others.
• Hardware-independence – Virtual machines can be moved between different variants of
server hardware without the need to, for example, change device drivers.
• Encapsulation – Virtual machines are encapsulated as files, making copying and moving
between servers a comparatively simple task and certainly far simpler than re-installing
software components.
• Compatibility – Operating systems and applications can run unchanged in the virtualized
environment.
Virtualization also enhances recovery options through the ability to image and relocate virtual servers
locally in the case of server failure and remotely should a more severe physical loss (e.g., data center
power) occur. Virtualizing end-user environments (e.g., desktop PCs) can also help to alleviate
problems with respect to patching, managing software installations and updates, and data loss through
centralizing to data center facilities.
Although virtualization is a key enabling technology for Cloud Computing, it is only when the basic
environment is extended to incorporate advanced management tools for moving virtual machines, for
monitoring and managing availability, recovery, lifecycle management, self service, chargeback, etc.
that a virtualized environment becomes capable of satisfying the essential Cloud Computing
characteristics.
Virtualization for x86 servers has been available for almost 10 years and has significant adoption
globally, whereas the maturation of management technologies to provide the more advanced functions
we associate with Cloud Computing is more recent. The capabilities required to provide our essential
Cloud Computing characteristics are typically sold as separately-charged software product packages;

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 43
existing enterprise users will therefore have different implementations including only those functions
deemed essential for their purposes. Some may have consolidated but not have implemented high
availability or disaster recovery features, or charge-back and self-service.
Although virtualization may therefore be at the heart of Cloud Computing, enterprises that have
adopted virtualization cannot necessarily be said to have implementations of Cloud Computing within
their data centers. The requirements for developing the greater levels of automation and self-service
have in all likelihood not been fundamental to on-premise virtualization implementations. Existing
mechanisms for requesting and providing IT capacity already exist between the business and its IT
department and computing use may be relatively static. If not static, then at least predictable, allowing
for resource scheduling at a slower pace than that required by public Cloud Computing providers or
for the achievement of rapid elasticity. Charge-back regimes are often rudimentary, potentially
consisting of rough metrics on users, or which department implemented a given service, whereas for
Cloud Computing the ability to measure and bill accurately is essential.
The situation is further complicated by the preponderance of virtualization software vendors
marketing solutions as Cloud Computing or Private Cloud Infrastructures or Cloud Operating
Systems. While these vendors may well be able to provide software products that enable the
functionality necessary to transform a virtualized infrastructure into a Cloud Computing IaaS (e.g.,
self-service portals, metering, billing, and policy-based orchestration), the presence of these functions
is not a given for basic infrastructure virtualization.
So, in summary, virtualization gives you a platform upon which to develop a Cloud Computing
solution but isn’t Cloud Computing in itself.
Misconception 6: Cloud Computing is a new name for Utility Computing or
Grid Computing
The similarities and differences of Cloud Computing and utility computing depend on the cloud
service model. The focus of Cloud Computing is availability and consumption of resources on a
network on-demand that can be rapidly provisioned without a consumer needing to have knowledge or
expertise about the resource itself and that can be self-managed with minimal involvement from the
provider. These resources vary from one Cloud Computing service model to another. The resources
that are made available for consumption in IaaS service models are infrastructure components such as
servers, networks, storage, whereas the resources made available in SaaS service models are software
components enabling some of kind of business or technical functionality. Utility computing on the
other hand provides infrastructure on-demand with the ability to control, configure, and scale. The
focus of utility computing is on infrastructure and, hence, the IaaS service model is closer to utility
computing than the SaaS service model. Utility computing does satisfy some of the essential
characteristics of Cloud Computing, such as on-demand and metering to support pay-as-you-go
pricing models. An example of utility computing is the renting of the computing resources (hardware,
software, and network bandwidth) of a supercomputer to multiple parties where users pay for usage
such as by actual processing time. This specific example of utility computing is not Cloud Computing
since it does not satisfy some of the Cloud Computing essential characteristics such as rapid elasticity,
location-independency, self-service, etc. Utility computing can be delivered as an IaaS service model
provided it meets the other essential characteristics of Cloud Computing such as broad access over the
network, resource pooling and multi-tenancy, rapid elasticity, and self-service with minimal
interaction with the provider.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 44
On the other hand, grid computing is distributed computing where the computing power of a large
number of computing resources loosely coupled, potentially heterogeneous, and located all over the
world are leveraged to solve a problem or a set of problems. Although grid computing displays some
of the basic characteristics of Cloud Computing, such as resource pooling, it lacks other characteristics
such as rapid elasticity, metering, self-managing, etc. Typically there is more likelihood that a grid
will fail if a single node fails, whereas in a Cloud Computing environment by virtue of its essential
characteristics, the Cloud Computing environment will continue to run.
In brief, both utility computing and grid computing satisfy a different subset of essential
characteristics of Cloud Computing and have played a role in the evolution of Cloud Computing, but
they are not Cloud Computing.
Misconception 7: Everything as a Service (XaaS)
The popularity of all things Cloud Computing in the IT marketplace today has resulted in a plethora of
“as a Service” offers from IT service vendors. Although many of these will undoubtedly fit within our
definitions of Cloud Computing, probably just as many will not. For all companies involved in selling
IT services today, it is tempting to jump on the Cloud Computing bandwagon, to be seen to be using,
selling, or building something in the cloud. The term “cloudwashing” (refer to:
http://blogs.forrester.com/james_staten/09-10-14-cloud_defined_now_stop_cloudwashing; accessed
March 2011) has been coined to describe the practice of simply re-badging existing IT services as
Cloud Computing.
Just because someone calls something “as a Service” doesn’t mean that it has all the characteristics
required to make it Cloud Computing. As we have already described in our examination of the
essential characteristics of Cloud Computing, from a provider’s perspective, achieving the
characteristics requires that they do things differently. This may mean completely re-architecting a
software package to make it multi-tenant or to include sufficient metering or even to make it effective
to run in the Internet from a performance perspective. Cloud Computing doesn’t just mean pay-as-
you-go; i.e., it isn’t just a commercial agreement with a provider, though yes you may get this as part
of the whole.
Some extensions to the use of as a Service will be perfectly valid; e.g., Storage as a Service or indeed
Database as a Service, which have been used by providers talking about subsets of the larger IaaS
model, may be perfectly legitimate. If you can use and purchase just storage and that service satisfies
the Cloud Computing definition in all other regards then fine. It’s easier perhaps to understand what
you are getting from your purchase. In truth of course, even storage sold as a service will include
some network use and perhaps storage replication but at the level of detail required by both providers
and consumers, this categorization of a particular feature of IaaS probably does no harm. Indeed many
of the leading Cloud Computing IaaS providers already have several individual offerings under the
IaaS banner – virtual servers, storage, database, essentially many of the individual components which
together make an infrastructure, each of which can be purchased separately.
Misconception 8: Using Cloud Computing means No More Architecture and
Infrastructure Design
The use of Cloud Computing, irrespective of the service model chosen, whilst managing to obscure
many of the details of how that individual service is provided, does not mean that architecture and
infrastructure design skills will no longer be required, whether to enable access to the chosen service,
to configure its component parts, or to integrate between multiple cloud and/or traditional IT services.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 45
Whilst the use of a simple Cloud Computing home PC backup service may not require such skills
even expanding this idea to an offsite backup for an entire organization’s applications will require
significant thought and potentially new skills in order to preserve security, provide scheduling, and
network bandwidth.
Misconception 9: Cloud Computing is about the Provision of IT Infrastructure
The very name Cloud Computing evokes images of vast data halls of servers, bits, and bytes in
memory, storage, and networks; i.e., infrastructure: the tangible plumbing of any IT system. The
popularity of IaaS providers and their offerings makes it easy to believe that Cloud Computing is just
about infrastructure, that the only services you can get are compute, storage, network and that the rest
is up to you to build, much as you would with any traditional on-premise IT solution.
On the contrary, Cloud Computing is much more than just infrastructure. The transformation being
brought about by Cloud Computing and indeed more correctly perhaps cloud services may be likened
to that which has already taken place in the mobile marketplace. Smart phones and tablets are
becoming the IT consumer product of choice to the point that for lightweight use they are seen as a
suitable replacement for a PC. Enterprises are finding novel ways to use smart phones in the
workplace and an entire new generation of applications is being developed for the newer, more
powerful operating systems. For end users the ease-of-use and the ability to personalize their smart
phone without significant technology complications and the better end-user experience they offer is
appealing.
Vendors have been quick to seize upon the opportunity that the mobile platform presents in providing
applications to suit almost every imaginable need whether mass market or niche. Although there are
still proprietary, closed mobile environments, and indeed very successful ones, there are also industry
initiatives to provide open equivalents. Irrespective, any application provider can place an application
in the application store (subject to meeting the technical specification) and any user with the
appropriate smart phone can select the applications that they want to use and expect them to work
without any significant technical configuration.
The same concept can be applied to Cloud Computing. For mobile applications substitute SaaS, for
the mobility platform substitute PaaS, and it becomes possible to see that, for cloud too, the future
reality should be more about the services which consumers can select and use rather than the
underlying hardware and operating system.
For cloud services to reach the same level of maturity as today's mobile applications will require a
concerted effort within the industry to agree and use standards which support the portability and
accessibility of cloud services. This hasn't happened as yet, but getting to this point will provide far
more potential benefit to consumers and providers of Cloud Computing alike than renting compute
power or storage over the Internet.
Misconception 10: Cloud Computing is Just Outsourcing Re-Packaged
Whilst many organizations have yet to use Cloud Computing, outsourcing is a commonly used means
of providing IT services. Contracts often comprise a fixed component based upon an identified set of
IT assets, number of servers, amount of storage or code functions, and applications. An agreed number
of small changes are often incorporated and a process for requesting and agreeing projects and major
changes established.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 46
Billing may be monthly and contract life varies but is generally a number of years (commensurate
with the difficulty and cost of changing provider). In many respects the outsourced service looked just
like it did when it was in-house comprising software and hardware support and maintenance, data
center power and space, and a cost for the associated people doing the various support roles. On the
plus side the requirement to directly manage many suppliers and IT staff is removed or reduced.
Whilst many contracts have contained the promise of technology transformation, incorporating this
into the contractual model has been difficult with many clients frustrated as a result.
More recently, rather than paying directly for infrastructure or application – where considerable
debate often ensued between the outsourcer and their customer as to how solutions were designed:
how many servers, how much storage, how complex the applications, which software products were
used – there has been an increasing tendency to price bundles of services together (e.g., desktops
including the hardware, software, and all support and maintenance and potentially technology
replacement at a given point in time).
Outsourcing companies have developed automated processes and standardized procedures to help
reduce costs and increase efficiency, but this doesn’t mean that they have necessarily embraced all the
changes required to offer Cloud Computing. Many have moved to multi-tenant environments sharing
many if not all of their infrastructure components and this has been reflected in contracts for slices of
shared infrastructure (e.g., storage per GB on a shared storage array).
Changing from outsourcing to Cloud Computing requires a more fundamental change, which will
affect the entirety of an outsourcer’s organization. Can you really self-serve in your outsourced
service, can you provision more or less of the application or server platform or storage? Does your
contract allow you to flex up or down your usage automatically and meter your usage to bill you
accordingly? Providing these capabilities is not something which will take place overnight. It will
require investment in tools, technology, and a fundamental review of the services and processes
provided.
If you still have to go through a lengthy process of request and response and have limited scope for
change in your IT contract with a provider, then irrespective of the glossy title of the service you are
purchasing, it is likely outsourcing and not Cloud Computing.
Misconception 11: Cloud Computing isn’t Green
Whilst sustainability has not to date been top of the CIO or CEO agenda, the emergence of legislation
to limit carbon emissions (e.g., CRC in the UK) and increasing evidence that sustainability can be a
means to save, not increase, costs is causing enterprises to look more closely at the sustainability of
their IT.
Until all suppliers provide comparable evidence of their real performance in this area it will remain
difficult to prove. The use of virtualization and effective resource management to turn on/off resources
and readily reassign them to correspond to real demand are all capabilities which should lend
themselves to a more energy-efficient and greener data center.
That doesn’t mean that all Cloud Computing services will necessarily be greener than your existing
services. If you have a very energy-efficient data center and little over-subscription of computing
resources then your service might be as green as competing Cloud Computing alternatives.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 47
Cloud Computing Benefits
The potential benefits of Cloud Computing are numerous and varied. We provide an overview of these
within this document and pointers where applicable to other Open Group publications which will
further develop any of those mentioned.
It will be noticeable that the same item may appear in both lists of benefits and issues (e.g., IT security
is a benefit and an issue). The applicability will be individual depending upon an enterprise's specific
requirements and current situation. There is no short-cut to performing the requisite self-assessment
and prospective Cloud Computing provider assessment to understand whether a given benefit or issue
applies to your circumstance.
Table 2: Benefits of Cloud Computing
Benefit Description
Shorter provisioning
times
The provisioning of servers, applications, and application environments is far
quicker and cheaper to do leading to quicker time-to-market for new products
and services, shorter project timescales, and faster benefit realization.
Reduced capital
outlay
The ability to buy computing resources, whether applications or infrastructure
on a pay-as-you-go basis reduces the need for capital investment in
hardware and software. This in turn may make it easier to finance projects,
which can rely upon revenue generation to finance project outlay far sooner
than would otherwise be the case. The burden of upfront investment and
thereafter capital depreciation and the risk of stranded investments should a
project fail is reduced.
Allows more use of
“try before you buy”
The ability to try a new product or service is enhanced through the use of
Cloud Computing services where the investment in trials and proof-of-
concept activities is much reduced. Trialing also reduces the risk of later
implementations.
Reduces the cost of
“one-off” activities
One-off activities which would otherwise be extremely costly to finance with
purchased or traditionally leased computing resources can be more cheaply
provisioned using Cloud Computing; e.g., migration or data
cleansing/conversion activities.
Costs associated
with testing can be
reduced
The ability to build, use, and delete test environments, paying for them only
when actually in use, reduces the financial burden associated with the
maintenance of test environments. Testing may also be more rigorous as
enterprises are able to deploy short-term large-scale environments for better
performance and volume testing than would otherwise have been possible
with traditional IT hosting.
Reduction in
internal data center
capacity
The ability to transfer peak load outside the internal data center using a
“hybrid cloud” deployment model will reduce costs as there is no longer a
need to retain under-utilized infrastructure reserved only for occasional peak
load processing.
Better architecture
and design
For most organizations their core competency is not IT systems architecture
and design, though of necessity they may have developed expertise in these
areas. Using Cloud Computing services from external departments will
reduce the reliance on internal IT resources and allow the purchase of IT
systems from Cloud Computing providers whose core competency is the
provision of IT solutions.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 48
Benefit Description
Consolidation and
central
administration
Part of the attractiveness of Cloud Computing and cloud services is their
ubiquitous accessibility. Many organizations have assembled over time a
network of distributed systems which are still not even centrally managed
never mind consolidated. As the reality of physical location and distribution is
masked within Cloud Computing services, from an administration and access
perspective the service appears as one entity making centralized
administration a possibility.
Greener IT (See also Misconception 11: Cloud Computing isn’t Green and Cloud
Computing Issues.) From the perspective of an individual enterprise whose
current IT environment may include under-utilized capacity and/or energy
inefficient data centers, the ability to provision only the capacity required
provides the opportunity to reduce carbon emissions and thus provide a
greener IT solution.
Resources Using Cloud Computing services and effectively taking much of the IT
administration out of an organization frees up resources for other more
valuable work. Alternatively, enterprises can reduce their dependence upon
skilled IT staff whose retention and remuneration may have been difficult and
costly. Remaining internal resources can concentrate on business value-add
activities rather than “keeping the IT lights on”.
Improved
administration and
maintenance
Performing routine maintenance is often a costly and time-consuming activity
for internal IT departments. Using Cloud Computing services reduces the
burden of maintenance and depending upon service design should improve
service availability, given that most Cloud Computing services will be highly
automated and highly virtualized.
Better quality
services available
from Cloud
Computing
That a Cloud Computing provider has many consumers of his services allows
that provider the direct opportunity to observe software performance and
quality first-hand. Bug diagnosis and fix/resolution should be quicker as the
environments are provider-controlled and sourced, leading to an overall
better quality of software service for consumers.
Better security Successful Cloud Computing providers will have to provide a suitably secure
environment for their consumers. Failure to do so will result in not only
reputational damage but in all likelihood business failure. Ensuring
separation of environments in a multi-tenant solution and physical security of
resources to maintain service will be of paramount concern for successful
business operation. The concentration of specialist IT security skills at a
Cloud Computing provider is likely to outstrip those possible for many
enterprises within their own internal IT organizations.
Flexibility Ability to scale IT services to directly match business consumption allowing
proper alignment of business and IT and the costs thereof.
Improved financial
control
Attributable charging and billing which allows business activities to be
effectively managed in line with their costs and benefits.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 49
Cloud Computing Issues
There are multiple issues and challenges which are felt to be barriers to the adoption of Cloud
Computing or require additional consideration over and above traditional on-premise solutions. A
number of these common issues are listed in Table 3:
Table 3: Issues and Challenges with Adoption of Cloud Computing
Issues Description
IT security and
compliance
Probably number one amongst the stated issues with Cloud Computing is
that of security. Given that we also included this in our list of potential
benefits, this may be surprising. There are many aspects to IT security:
physical security of data centers and the data that they host, electronic
security of data when at rest or in transit, and indeed the ability to be able
to mandate certain security solutions or validate compliance to prescribed
conditions. Some of the issues raised are also present in more traditional
forms of external IT service provision; e.g., outsourcing. For example,
perhaps you need to have vetting applied to employees who might have
access to your financial systems and data; there may be legal requirements
to have your data hosted in stated countries or under certain levels of
security protection; e.g., high-grade encryption. These are not new issues.
Cloud Computing, however, is a different IT service provision paradigm and
presents new challenges for enterprises who are seeking to move their
services to the cloud. The fundamental concept of Cloud Computing
whereby service consumers need not be concerned with exactly how their
services are being provided does not sit well in comparison to many
security criteria. As this is such a significant topic, The Open Group Cloud
Work Group [7] has a project looking specifically at Cloud Security. Further
information regarding this topic may be found on The Open Group website.
Not mature Cloud Computing is still new. There is little by way of standards and also a
comparative immaturity in management tooling for cloud services. The
marketplace is full of nascent companies offering innovative cloud services,
but we are already seeing an increasing number of start-ups and innovators
being purchased by recognized global IT brands. This situation is typical for
IT and is likely to continue apace for some time.
Lack of clear
definition of
components
The purpose of this White Paper is to help to move forwards the
understanding and definition of Cloud Computing in all its various guises.
Today, there is very little agreement over what is and what is not Cloud
Computing and therefore a huge disparity in the definition and qualities of
services being offered. For IT consumers the marketplace is confusing;
new entrants, new products, new services, and indeed older ones re-
badged as Cloud Computing abound.
Software licensing In the same way that it has taken time for many software vendors to come
to terms with virtualization and licensing their products to work in a flexible
virtualized environment, the same is also true for Cloud Computing and
software licenses. Licensing by processor or user for terms of one year and
more doesn’t sit well against a service whose payment premise is pay-as-
you-go. Software vendors are still reacting to the new commercial models
of Cloud Computing and potential consumers may find that the particular
software they require has yet to adapt.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 50
Issues Description
Service delivery
clarity
Fundamentally Cloud Computing is about the provision of an opaque
service the details of which are irrelevant. The requirement to know what is
happening to one’s IT service to understand when it is up and down, when
it is fast or slow, and not only when but why as required by service delivery
organizations and indirectly business users is at odds with Cloud
Computing. Whilst this is not a problem necessarily with private clouds, in
the public domain, service providers may only offer limited service metrics
and not only metrics but explanations after incidents or failures. Direct
service outcomes can be measured using service management tools by
consumer organizations but only to the extent that this information is
propagated by the service provider.
Calculating costs of
service
Moving from an upfront capital investment cost model to one where
volumes and usage directly dictate costs makes it incumbent upon potential
consumers to undertake proper estimates of their likely consumption over
time. It is easy to say that this was always the case even for traditional on-
premise IT solutions, but more often this was enacted only at a very
detailed level during service establishment and IT capacity usage
monitored thereafter without direct attribution to business processes and
business value. This whole area of costs versus benefits is explored in
more depth in the White Paper: Building ROI from Cloud Computing [6].
Lack of experience Many IT organizations have by now been involved in some form of IT
outsourcing and have already been through a process of adaptation to
make their operational processes extend to external organizations; e.g.,
how to process and manage change or incidents and problems. Cloud
Computing is yet another change which will further alter these processes
and ways of working. Within many IT outsourcing deals of today, whilst
notionally perhaps buying an IT service, it is often really a set of
components that are still being purchased; e.g., hardware and software,
break, fix, and maintenance. The details of what is purchased, which
products, when they are implemented, and upgraded often lies still largely
in the control of the purchasing organization. This is not the case with
Cloud Computing; for example, in purchasing SaaS you may have
absolutely no influence over when your SaaS vendor chooses to implement
the next maintenance or even major release of functionality into your
environment. The knock-on effects to users, management systems,
integration to other cloud or non-cloud services, and developers could be
extremely significant. At the outset, how to buy, how to operate, and how to
manage Cloud Computing services will be difficult for existing business and
IT departments as the impacts across the whole IT service lifecycle are felt.
Data access Signing up for Cloud Computing services may be easy, but what about
when you want to get your data back, either because you want to move to
another supplier or because your requirement for processing has finished
but you still want the data returned to you. How do you go about getting this
data? In what format, at what cost, how technically can you move it from A
to B? This is more of an issue with SaaS than other Cloud Computing
services. When purchasing PaaS or IaaS you are likely to have a greater
understanding and indeed control of data formats; with SaaS your data
could be held in any way in any proprietary format which works with the
SaaS solution you have purchased.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 51
Issues Description
Integration Few enterprises in existence today have the luxury of starting with a blank
sheet of paper where their IT systems are concerned nor of wholesale
movement to the cloud. For most enterprises, the truth is going to be that
some services will be provided from either private clouds or traditional IT
services hosted on-premise (or a combination) and some Cloud Computing
services (which may be a mixture of IaaS, PaaS, and SaaS). Integration
between these on and off-premise, cloud and non-cloud solutions will be
required, not only to address business functionality requirements, but also
for management and security; e.g., systems monitoring and management
and authorization and access control. Vendor compatibility will also be an
issue when integrating multiple services from different vendors.
Green IT To date there are few statements from Cloud Computing providers as to the
“greenness” of their solutions and there are contrasting views within the
industry as to whether Cloud Computing is inherently greener than
traditional solutions. One argument is founded upon an enterprise reducing
its under-utilized capacity, using only what it exactly needs and that this
must, of course, result in lower carbon emissions. This assumes that Cloud
Computing providers are more efficient at managing their larger resources
across their customer base and don’t actually end up carrying more under-
utilized capacity in total than their customers would have. To not be efficient
in this way would cost providers in the long run so one may expect that they
seek to minimize such waste, but will you know? How green is their data
center in comparison to yours? If you are moving from a data center which
is 10-15 years old filled with IT systems which have been acquired over
years and where server sprawl rather than consolidated efficiency is the
norm, then it may well be greener, but can you account for it accurately?
Will they provide you with sufficient details on energy consumption and
carbon footprint for you to comply with any regulations or corporate
objectives on sustainability? The case isn’t proven either way and it will be
necessary for potential Cloud Computing customers to investigate and
determine what their suppliers will provide by way of proof and compliance
on green issues including their whole procurement and business operation,
no less than is increasingly becoming a requirement with any organization
from which one obtains goods or services.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 52
Standards and Interoperability
Multiple industry-neutral and industry-specific standards bodies including The Open Group are
currently working on defining standards in the Cloud Computing space.
Some of the organizations working on developing standards on Cloud Computing are given below.
Visit the individual websites to learn more about these external standard activities.
The Open Group is a vendor and technology-neutral consortium, whose vision of Boundaryless
Information Flow™ will enable access to integrated information within and between enterprises based
on open standards and global interoperability. It has established a Cloud Work Group [7] to create a
common understanding among buyers and suppliers of how enterprises of all sizes and scales of
operation can include Cloud Computing technology in a safe and secure way in their architectures to
realize its significant cost, scalability, and agility benefits. It includes some of the industry’s leading
cloud providers and end-user organizations, collaborating on standard models and frameworks aimed
at eliminating vendor lock-in for enterprises looking to benefit from cloud products and services. The
Open Group Cloud Work Group has initiated several projects to enhance business understanding,
analysis, and uptake of Cloud Computing technologies, including cloud business use-cases, cloud
business artifacts, Cloud Computing architecture, service-oriented Cloud Computing infrastructure,
and security in the cloud.
The Association for Retail Technology Standards (ARTS), the standards division of the National
Retail Federation, released the draft version of Cloud Computing for Retail that will provide unbiased
guidance for achieving optimum benefit of this computer technology. The retail industry believes that
Cloud Computing will effectively lower IT costs for retailers. The paper is available from the ARTS
website at no cost to ARTS members and to non-members for a fee.
CloudAudit is a volunteer cross-industry effort from the best minds and talent in cloud, networking,
security, audit, assurance, and architecture background to provide a common interface and namespace
that allows Cloud Computing providers to automate the Audit, Assertion, Assessment, and Assurance
(A6) of their infrastructure (IaaS), platform (PaaS), and application (SaaS) environments and allow
authorized consumers of their services to do likewise via an open, extensible, and secure interface and
methodology.
The Cloud Computing Interoperability Forum (CCIF) is an open, vendor neutral, not-for-profit
community of technology advocates and consumers dedicated to driving the rapid adoption of global
Cloud Computing services. CCIF will enable the global Cloud Computing ecosystem whereby
organizations are able to seamlessly work together for the purposes for wider industry adoption of
Cloud Computing technology and related services. A key focus will be placed on the creation of a
common, agreed framework/ontology that enables the ability of two or more cloud platforms to
exchange information in a unified manner.
The Cloud Computing Use-Cases Group exists to define use-cases for Cloud Computing. It is a
collaboration of cloud consumers and cloud vendors, and is another step towards keeping Cloud
Computing open.
The Cloud Security Alliance (CSA) is a non-profit organization formed to promote the use of best
practices for providing security assurance within Cloud Computing, and provide education on the uses
of Cloud Computing to help secure all other forms of computing.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 53
The Distributed Management Task Force (DMTF) enables more effective management of millions
of IT systems worldwide by bringing the IT industry together to collaborate on the development,
validation, and promotion of systems management standards. DMTF launched a Cloud Computing
Incubator to address system management and interoperability for Cloud Computing. The incubator is
focusing on standardizing interactions between cloud environments by developing cloud resource
management protocols, packaging formats, and security mechanisms to facilitate interoperability.
The European Telecommunications Standards Institute (ETSI) produces globally applicable
standards for Information and Communications Technologies (ICT), including fixed, mobile, radio,
converged, broadcast, and Internet technologies. It has established a technical committee on cloud to
work on investigating and developing a standardized solution for using, integrating, and deploying
grid and cloud technology in existing and future telecommunication networks.
National Institute of Standards and Technology (NIST) is the US federal technology agency that
works with industry to develop and apply technology, measurements, and standards. NIST is
promoting the effective and secure use of Cloud Computing technology within US government and
industry by providing technical guidance and promoting standards. NIST developed a definition of
Cloud Computing as well as related guidance in collaboration with industry and government. This
White Paper cites this definition of Cloud Computing by NIST.
The Open Cloud Consortium (OCC) is a member-driven organization that supports the development
of standards for Cloud Computing and frameworks for interoperating between clouds, develops
benchmarks for Cloud Computing, and supports reference implementations for Cloud Computing.
The Open Grid Forum (OGF) is an open community committed to driving the rapid evolution and
adoption of applied distributed computing. The Open Cloud Computing Interface (OCCI) working
group within OGF is developing an API specification for remote management of Cloud Computing
infrastructure, allowing for the development of interoperable tools for common tasks including
deployment, autonomic scaling, and monitoring. The scope of the specification will be all high-level
functionality required for the lifecycle management of virtual machines (or workloads) running on
virtualization technologies (or containers) supporting service elasticity.
The Organization for the Advancement of Structured Information Standards (OASIS) is a not-
for-profit consortium that drives the development, convergence, and adoption of open standards for
the global information society. OASIS has established the OASIS Identity in Cloud Technical
Committee to develop profiles of open standards for identity deployment, provisioning, and
management in Cloud Computing.
The Storage Networking Industry Association (SNIA) provides leadership to the storage industry
worldwide in developing and promoting standards, technologies, and educational services to empower
organizations in the management of information. SNIA has created the Cloud Storage Technical Work
Group for the purpose of developing SNIA Architecture related to system implementations of cloud
storage technology. It published the Cloud Data Management Interface as an open standard allowing
interoperable cloud storage implementations from cloud service providers and storage vendors. This
interface provides the means to access cloud storage and to manage the data stored there.


Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 54
References
[1] NIST Definition of Cloud Computing, by Peter Mell and Tim France, Version 15, October 2009;
refer to: http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-def-v15.doc (accessed February
2011).
[2] The Open Group Service Integration Maturity Model (OSIMM), Technical Standard (C092),
August 2009, published by The Open Group; refer to:
www.opengroup.org/bookstore/catalog/c092.htm.
[3] Amazon Web Services (AWS) Economics Center; refer to: http://aws.amazon.com/economics.
[4] The Economics of the AWS Cloud versus Owned IT Infrastructure, Amazon Web Services (AWS)
White Paper, December 2009; refer to: http://media.amazonwebservices.com/
The_Economics_of_the_AWS_Cloud_vs_Owned_IT_Infrastructure.pdf.
[5] McKinsey & Company Report: Clearing the Air on Cloud Computing, March 2009.
[6] Building Return on Investment from Cloud Computing, White Paper by The Open Group Cloud
Business Artifacts Project (W104), April 2010, published by The Open Group; refer to:
www.opengroup.org/bookstore/catalog/w104.htm.
[7] The Open Group Cloud Work Group; refer to: www.opengroup.org/cloudcomputing.
Acknowledgements
The Open Group acknowledges all Cloud Work Group members that have contributed to this White
Paper. In addition to the co-chairs of the Cloud Computing Explained project, Ed Harrington of
Architecting-the-Enterprise made a particularly important contribution.

Cloud Computing Explained
www.opengroup.org
A Whi t e Paper Publ i s hed by The Open Gr oup 55
About the Author
The Cloud Computing Explained project was formed by the Steering Committee of The Open Group
Cloud Work Group to describe the concepts and terminology of Cloud Computing. Gillian Hughes
and Shuvanker Ghosh are its co-chairs.
Gillian (Gill) Hughes
Gillian (Gill) Hughes is a Senior Technical Architect at Capgemini currently working in Infrastructure
Transformation Services. Gill has 20+ years’ experience of infrastructure management, infrastructure
design, and infrastructure architecture gained working for a variety of public and private sector clients
including the definition of client IT infrastructure strategy and most recently the implementation of an
integrated Cloud Computing solution. Gill is an Open Group Certified IT Specialist and is also Open
Group TOGAF 9 Certified.
Shuvanker Ghosh
Shuvanker Ghosh is a Senior Architect with IBM Corporation. Shuvanker is currently working in the
emerging technology and architecture area and is a member of the business process optimization and
service-oriented architecture center of excellence. He consults and supports IBM clients across
multiple sectors by providing thought leadership, developing vision, and defining roadmap and
implementation in emerging technology, enterprise architecture, SOA, and Cloud Computing.
Shuvanker holds an MS in Mechanical Engineering from University of Maryland at College Park and
a BS in Mechanical Engineering from Indian Institute of Technology (IIT) in India. Shuvanker is an
Open Group Master Certified Architect.
About The Open Group
The Open Group is a vendor-neutral and technology-neutral consortium, whose vision of
Boundaryless Information Flow will enable access to integrated information within and between
enterprises based on open standards and global interoperability. The Open Group works with
customers, suppliers, consortia, and other standards bodies. Its role is to capture, understand, and
address current and emerging requirements, establish policies, and share best practices; to facilitate
interoperability, develop consensus, and evolve and integrate specifications and Open Source
technologies; to offer a comprehensive set of services to enhance the operational efficiency of
consortia; and to operate the industry's premier certification service, including UNIX

system
certification. Further information on The Open Group can be found at www.opengroup.org.