In this section, we will talk about different cloud architectures as well as the different roles involved in those cloud architectures.
First, there are four different major deployment models here.
The first is a private cloud, and this is where a single organization has multiple different business units and establishes and resources their own private cloud, so only that organization can use the cloud resources.
So it's owned and managed by the organization. So we have none of the concerns about who owns the data, where the data is being stored, or whether that data is being handled correctly according to our business regulations and laws. None of those concerns exist because the organization still controls all of the cloud resources.
You don't have to go out to those cloud providers.
Community cloud is where related organizations get together and pool their resources to buy that physical hardware and maintain and operate that physical hardware. So different organizations will have a piece of the cloud that they will maintain and operate and provide those cloud resources.
A third party can come in and manage those resources on behalf of those organizations, but only those organizations will have access to those cloud resources.
A public cloud is open for general use to the public, so you don't have to be a member of a specific organization. You don't have to be a member of a group of organizations. Anybody can go and create an account on the public cloud. An example here may be Dropbox or Evernote,
or any number of the different providers on the Internet.
And these public clouds are owned and managed by businesses such as Google and Microsoft. It could be academic, because it could be a university-based cloud. Or maybe it's a government-based cloud. A government organization can host this public cloud,
but the difference between the public cloud and the private cloud is that the public cloud is accessible to the general public.
Then finally, we have hybrid cloud, which is just a combination of two or more of these other models, and they do have to be unique clouds. So two community clouds together would just be one giant community cloud. It wouldn't be considered a hybrid cloud, but if you have a public cloud
and a community cloud,
that would be a hybrid cloud.
So these cloud models are typically bound together by some technology interface, and it does enable portability of applications. So should one cloud section go down, maybe that community cloud goes down,
the public cloud can pick up that application and still provide that service and provide that functionality.
Now for some diagrams to make that make a little bit more sense. For a public cloud, here we have our cloud provider that manages all of the hardware. It brings in new hardware, it takes out the old hardware, and here we have clients that are connecting and clients terminating access.
In this inside/outside diagram,
this could be an organization, or this could be someone's house. So here we have the clients accessing the public cloud from within some kind of security perimeter. That could be an organization's perimeter, or that could just be a regular home, or maybe a hotel perimeter.
It doesn't really matter.
Next up is private cloud. There are two basic models here. The first model is that it's completely controlled within the organization, so there is no resource outside of this organizational boundary, so there is nothing outside other than maybe a user
connecting in through a controlled interface.
Or an organization can rent some space through a cloud provider, but these cloud resources are considered to belong to that specific organization. This cloud provider manages the resources on behalf of the organization,
but these resources are not shared with any other tenant.
They solely belong to that one organization.
Now a community cloud will have a set of organizations that are both providing and consuming cloud resources. So the organizations A, B and C here are both providing and consuming resources,
versus the organizations X, Y and Z. These are only consuming those cloud resources; they are not necessarily providing any resources themselves. They're just taking advantage of the resources provided by the other organizations.
Then here we have hybrid cloud where it's a combination of the different cloud models.
Now there are five basic cloud roles. The first role is a cloud consumer, and this is the person or the organization who uses the cloud service. Usually a cloud consumer will pay some kind of money to access that cloud service. Or maybe that service is being offered free of charge
and the consumer just sees advertisements on the service.
Somehow, the cloud provider is making money. Guarantee that one.
So the cloud consumer browses the service from the provider catalog, establishes the service contract and actually uses the service. This could be mail. This could be software. This could be storage. Whatever it is, the cloud consumer has some kind of service contract with the cloud provider.
So cloud software as a service, that's typically what we're going to see here: the email, the office, sales. Social networks could also be considered software as a service.
Platform and infrastructure as a service are also possible, though when you get to infrastructure as a service, it's more likely going to be an organization rather than a person purchasing infrastructure as a service.
Now a cloud provider is the other side of that coin, and it is another role. It is the organization or the entity that is making that product available. It is making that service available, so the cloud provider is responsible for managing that cloud interface. It's responsible for managing
the physical hardware and software of that particular cloud.
The cloud model, software, platform or infrastructure as a service, determines how much responsibility that cloud provider has.
The next role is the cloud auditor, and this is a third-party assessment that comes in and assesses the security, functionality and privacy of the cloud services. Now, it could be a security audit, a privacy audit, a functionality audit;
it could be all of the above. It could be a combination of the above.
It depends on what kind of audit is being performed.
So a cloud auditor will verify that the cloud provider's functionality claims are legitimate,
that their security level is adequate for a particular level of security, or that their privacy level is adequate for a particular level of privacy.
And these are things that cloud consumers can expect the cloud providers to maintain, because that means the cloud consumer has some kind of level of trust in the cloud provider, thanks to the cloud auditor.
The next role is the cloud broker, and the cloud broker helps the cloud consumer
find, purchase and manage their cloud services, because many companies are standing up clouds. They're calling their new software their, you know, Acme Cloud, just to make things a little bit more confusing for the consumer.
Now the cloud broker is there to help the consumer navigate those waters. So the cloud consumer contracts with the cloud broker and says, "Hey, broker, I want these services. I want this functionality. I don't know what's best. I don't have time to sit down and sort through all the different providers.
Just provide me with the solution."
The cloud broker says, "Sure, I'll go out and do that research for you and then provide you with the solution."
The cloud broker contacts the cloud providers that are most accurately needed for that particular consumer and essentially brokers that deal.
Then finally, we have a cloud carrier, and this is essentially an additional layer of cloud, because a cloud provider may be providing software as a service but themselves renting their own infrastructure as a service.
So that cloud carrier manages that connectivity and manages that transport of services
between the consumer and the provider.
So it does establish the service agreements with the providers. So this consumer has their own service agreement with the provider. As far as the consumer is concerned,
everything stops here because they're just relying on the cloud provider.
Now the cloud provider can have an additional agreement with the cloud carrier, creating a chain of agreements that is required for that particular cloud to be functional.
To group this all together, we have a cloud consumer right at the top. We have the cloud auditor over here on the side,
and then the cloud provider has the bulk of the responsibilities here as far as cloud architectures, because they have to set up infrastructure, platform as a service
and software as a service, as well as establish all of the hardware, establish the cloud server management, and have privacy and security controls in place.
And then the cloud broker sits to the side there to offer that service implementation, that service aggregation and that service arbitrage,
whereas the cloud carrier sits right at the bottom and provides service to all of the other roles.
Now there have been some regulatory efforts for cloud computing, primarily through NIST, and NIST does have a series of Special Publications, so for more details on how to secure the cloud and more details on cloud architecture, definitely refer to these documents.
FedRAMP for the federal space also has some provider documents that are available.
For the financial sector, PCI DSS has its own guidelines for cloud computing.
And then finally, the Cloud Security Alliance is an organization dedicated to the security of cloud computing.