You are on page 1of 10

Case study based


By Nikhun Jena
The Cloud Service Models can be categorized into three main categories:
Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-
a-Service (SaaS) . Apart from this another cloud service is Storage as a Service
(StaaS) which allows user to store their data and access these anytime via internet.
Example: Amazon S3, Nirvanix etc. Any cloud service provider can provide any
one of the services or all three services together. There are many more service
models evolving around the cloud world, however, in this thesis we will also look
in to the advantages of having Risk Assessment as a Service and Encryption as a
Service (EaaS) as an additional security methodology.

Table 2.1 Cloud Service Models

d Definitio Exampl
Servic n es
Applications that are deployed over a Facebook, Google Apps
network, typically the web, accessible (email, calendar,
Software as
via browser or program interface; documents),
a Service
sometimes referred to as software on, Twitter,
demand ZenDesk, Zoho Office
PaaS A platform on which users can build, Google App
Platform as applications using languages, libraries, Engine, Red Hat
a Service services and tools supported by the OpenShift, Windows
provider Azure
Processing and storage capacity,
IaaS Amazon Web Services
networking and other computing
(EC2, S3, DynamoDB,
Infrastructu resources where the user has control
others), GoGrid,
re as a over operating systems and deployed
ServePath, FlexiScale,
Service applications; sometimes referred to as
Rackspace Mosso
utility computing

PaaS type of cloud computing offers a full or partial product development

tools or environment that users can access and utilize online, even in collaboration
with others and hosted on the provider's infrastructure. In PaaS developers create
applications on the service provider's platform over the Internet or web. PaaS
service providers may use Application Program Interfaces (APIs), gateway
software or website portals installed on the customer's premises. GoogleApps and (an outgrowth of are good examples of PaaS. At
present in cloud computing there is no standards for interoperability or data
portability for developers .


SaaS type of cloud computing model offers users the hardware

infrastructure, the software product and interrelates with the users through a front-
end gateway or portal. Here a provider authorizes an application to clients either
as a service on demand in a "pay-as-you- go" model or at no charge by a
subscription. These applications can be accessed from various thin client
interfaces such as web browsers. A user for this service need not maintain, manage
or control the underlying cloud infrastructure (i.e. network, operating systems,
storage etc.) . Examples for SaaS cloud's are Salesforce, NetSuite .


The IaaS type of cloud computing distributes a full computer infrastructure

via the web or Internet. Most popular IaaS providers like Amazon Web Services
offer virtual server instances with unique IP addresses and block of storage on
demand. In IaaS customers usually use the service providers (SP) application
program interface (API) to start, stop, access, modify and configure their virtual
servers and storage as is needed. Examples for IaaS cloud's are Eucalyptus (The
Eucalyptus Opensource Cloud-computing System), Amazon EC2, Rackspace.

This service is proposed as a demonstration model to provide data privacy

and protection in a particular organization. It also proposes a work-flow oriented
approach to manage data in cloud .


The idea of buying a hardware or an entire datacenter with a pay-as-you-

use scheme which can scale up and down as per user requirements can be termed
as Hardware as a Service (HaaS) . Examples for HaaS cloud's are Amazon EC2,
IBM's Blue Cloud Project, Nimbus, Eucalyptus, Enomalism .


This service is targeted for third party service providers who provide
Identity and access control functions (including users life cycle and sign-on
process). This can be used in combination with various other services (software,
platform or infrastructure services) and also for public and private clouds .


This service allows user to pay for the amount of data storage he/she is
using. With this service there is a separate cloud formed which provides storage
as a service . Examples of such kinds of users are Amazon S3, Google Bigtable,
Apache Hbase, etc .


This service allows users to create their own security policies and risk
frameworks. In this kind of service cloud users must identify, assess, measure and
prioritize system risks .


This is more general form of representing deployment of a service. These

services could be of any type and `X' in XaaS can be substituted by software,
hardware, infrastructure, data, business, IT, Security, monitoring, etc. These days
new service models are being developed . Examples are: IT as a service , Cloud
as a Service (CaaS) , Management as a Service (MaaS) , Models like Backup as a
Service (BaaS), Computing as a Service (CaaS), Authentication as a Service
(AaaS), Desktop as a Service (DaaS), Hardware
Solutions as a Service (HSaaS) and Disaster Recovery as a Service (DRaaS), etc.,
provided by Various Hosing providers in the IT Market. Some of the most
important services are lined up in the figure 2.1.

Figure 2.1 Cloud Computing – Separation of Responsibilities

computing-concepts- for-it- pros-2-3.aspx)

In a traditional on-premise IT Environment, the customer manages

everything, starting with network and finishing with apps. When customers use
some IaaS cloud service (think Amazon EC2) vendor does all hardware
management for the customer. But customer will still be responsible for all
software layers: operating system, database, frameworks, runtimes etc. PaaS is
higher level option where vendor provides customer with fully configured
platform that runs the required applications (usually it means customer might have
to adopt their apps somehow, but cost of adoption usually is not so big). SaaS is
top-level service option: vendor manages all components of customer‟s IT stack.
All three models are useful while they have different goals and user audience.

According to deployment model, cloud computing can be categorized into

four categories, Refer Figure 2.2 :

Figure 2.2 – Cloud Service and Deployment Models



A public cloud or external cloud is one base on the usual mainstream model,
in which service provider makes resources, such as storage and application,
obtainable to the general public over the Internet or via web applications/web
services. Maybe public cloud services are free or offered on a “pay-as-you-go”
model. In public cloud hardware, application and bandwidth costs are covered by
the service provider so it is easy and inexpensive set-up to the user. Using „pay-
as-you-go‟ model it may save resource from wasting . IBM's Blue Cloud, Sun
Cloud, Google AppEngine, Windows Azure Services Platform, Amazon Elastic
Compute Cloud (EC2) are good example of public clouds .


The term “Private Cloud‟ is also referred to as internal cloud or corporate cloud.
Here the provider provides services to a limited number of users behind a firewall
or users‟ access is limited to mitigate the security risk . For proprietary computing
architecture it could be a marketing term where marketing media uses the words
“private cloud” to offer organization that needs more control over their data than
using a third-party hosted service . Private cloud is good for companies' own privacy
policies however, from up-front capital cost, it is not that much beneficial “still it
cost money to buy, build and manage” . Amazon‟s Elastic Compute Cloud (EC2) or
Simple Storage Service (S3) is example of Private Cloud .


A hybrid cloud environment is the combination of public and private cloud

where the infrastructure partially hosted inside the organization and externally in
a public cloud . For example, an organization might use Amazon Simple Storage
Service (Amazon S3) as public cloud service to records their data but at the same
time continue in-house storage for instant access operational customer data.
Hybrid storage clouds are often valuable for record keeping and backup function.
It is a good approach for a business to take advantage of the cost effectiveness
and scalability .


A community cloud can be recognized where a number of organizations

have comparable necessities and very willing to share infrastructure so as to take
in the benefits of cloud computing. Here costs increase than a public cloud and
sometimes can be more expensive but may offer a higher level of privacy and
security. Google's "Gov Cloud" is a good example of community cloud .

The choice of the right deployment model is influenced by a number of

factors including cost, manageability, integration, security, compliance and
quality of service. Table
summarizes how each deployment model compares on the influencing attributes.

Table - Comparison of Deployment Models

Private Hybrid Cloud / Public On
Cloud Community Cloud Premis
Cloud e
Upfront High Medium Low High
Ongoing Low Medium Hig High
Costs h
Security High Medium Low High
Compliance High Medium Low High
Quality of
High Medium Low High
Integration High Medium Low High
Configurabili Mediu Medium Low High
ty m

Based on the above it can be inferred that although cloud computing offers
compelling benefits in terms of high availability, elastic scalability and fast
deployments, risks associated with the adoption cannot be completely eliminated
but can be carefully mitigated with extra measures.