Cloud computing services: taxonomy and comparison

Cloud computing is a highly discussed topic in the technical and economic world, and many of the big players of the software industry have entered the development of cloud services. Several companies what to explore the possibilities and benefits of incorporating such cloud computing services in their business, as well as the possibilities to offer own cloud services. However, with the amount of cloud computing services increasing quickly, the need for a taxonomy framework rises. This paper examines the available cloud computing services and identifies and explains their main characteristics. Next, this paper organizes these characteristics and proposes a tree-structured taxonomy. This taxonomy allows quick classifications of the different cloud computing services and makes it easier to compare them. Based on existing taxonomies, this taxonomy provides more detailed characteristics and hierarchies. Additionally, the taxonomy offers a common terminology and baseline information for easy communication. Finally, the taxonomy is explained and verified using existing cloud services as examples.


Introduction
Cloud computing (CC) is currently one of the biggest buzzwords and the amount of cloud computing services (CCSs) is increasing rapidly.Many big players of the software industry, such as Microsoft, as well as other Internet technology heavyweights, including Google and Amazon, are joining the development of cloud services [5,31,39,43,51,67].Several businesses, also those not technically oriented, want to explore the possibilities and benefits of cloud computing [36].However, there is a lack of standardization of cloud computing services [28,39,51], and each cloud service provider uses different technologies, protocols, and formats.Further, most clouds are very vague about the actual internal workings.All this makes interoperability when working with multiple services or migrating to new services difficult.Additionally, there is a big marketing hype around cloud computing, where providers of online services re-brand their products to be part of the cloud movement [50].The great amount of different cloud computing services makes it hard to compare the offers and to find the right service.
The vast amount of cloud computing services and the lack of universal definitions and standards lead to the question whether cloud computing services can be classified in a taxonomy based on their characteristics to easily compare them.
Table-based comparisons of cloud computing services exist [59], however, they are mainly for commercial use and the degree of detail varies greatly.In [55], a taxonomy has been proposed.However, [55] aims to find the strengths, weaknesses, and challenges in current cloud systems, rather than providing a method to categorize and compare existing and future cloud computing services.Moreover, [71] provides a state of the art and research challenges in the area of cloud computing.However, also [71], does not provide a method to categorize existing and future cloud computing services.Further, also the industry has published white papers describing cloud computing taxonomies, such as [37] by Intel Cooperation.Intel's white paper shows five categories and explains possible applications and services that can be offered for each.More distinctive characteristics of these services are not considered.
In this paper, a new, tree-structure based taxonomy is developed, which helps to easily and quickly compare existing and future cloud computing services.The classification can also help researchers identify areas that could be standardized.Additionally, the taxonomy offers a common terminology for easy understanding and communication about cloud computing services and their characteristics.The taxonomy will be based on current major cloud computing services, such as the Google App Engine [26], Salesforce.com [57] and Amazon EC2 [2]; but also new developments, such as the Eucalyptus platform [20], will be considered.The main focus is on cloud computing services for corporate use.
First, the current cloud computing services are examined and their characteristics are identified and explained.For this analysis, recent surveys and studies in the field of cloud computing services, as well as the information provided by the cloud service providers is considered.Next, the characteristics are organized to form the taxonomy.Then the taxonomy is explained and possible options for extension are given.Finally, the taxonomy is verified using existing cloud services.
This paper is an extended version of [32], which has been published at the EFSOI Workshop at Globecom, in December 2010.Here, we extended the research by updating the work with more recent information and by considering additional issues of cloud computing services.The introduction to cloud computing has been extended to give a more complete overview and definition.Further, during the study of clouds a difference in the amount of available information on the cloud services has been noticed.This has been added to the taxonomy as an additional "Openness" characteristic.Additionally, more characteristics to extend the taxonomy are described in a separate section and the use and extension possibilities of the taxonomy have been explained in more detail.Moreover, additional examples are included on classifying cloud computing services in the taxonomy.A performance analysis of the taxonomy itself is outside the scope of this paper.This has to be evaluated after the taxonomy has been used in further research.
The remainder of this paper is organized as follows.Next, Sect. 2 gives the definition of cloud computing that is to be used in our work.Section 3 presents the current cloud computing services.Section 4 describes their main characteristics.The design of the taxonomy is discussed in Sect. 5.The classification of cloud computing services in the taxonomy, as well as the use of the taxonomy for comparison is discussed in Sect.6 using current cloud computing services.Finally, Sect.7 concludes and it recommends future work.

Cloud computing overview
A cloud can be seen as a scalable infrastructure that supports and interconnects several cloud computing services; see Fig. 1.The cloud itself consists "of a collection of interconnected and virtualized computers that are dynamically provisioned and presented as one or more unified computing resource(s)" [10].The clients that are the users of the cloud computing services, use their home or work computer or any other Internet-enabled device to connect and use the cloud computing services.Generally, service-level agreements guard the provisioning of the cloud services.
The key attributes that distinguish cloud computing from traditional computing solutions have been identified in [5,37,46,65,71] and generally comprise the following: • Underlying infrastructure and software is abstracted and offered as a service.• Build on a scalable and flexible infrastructure.
• Offers on-demand service provisioning and quality of service (QoS) guarantees.• Pay for use of computing resources without up-front commitment by cloud users.• Shared and multitenant.
• Accessible over the Internet by any device.
The state of the art and research challenges of cloud computing services have been described in [51,65,71].Moreover, [51,65,71] describe the cloud computing architecture and the enabling technologies in more detail.The main underlying technologies are virtualization technologies to provide flexible and scalable computing platforms, Web services and Service Oriented Architectures (SOA) to manage cloud services, and distributed storage for backup and world-wide data access [65].
The National Institute of Standards and Technology (NIST) proposed the following definition of cloud computing: "Cloud computing is a model for enabling convenient, Fig. 2 The three main categories of cloud computing services [71] on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.This cloud model promotes availability."[40].This definition will be used as the basis for distinguishing cloud computing services and traditional Internet services.
Next, three service models are currently being differentiated-Software-as-a-Service (SaaS), i.e., online applications, such as web-based email, Platform-as-a-Service (PaaS), which allows customers to deploy their own applications, and Infrastructure-as-a-Service (IaaS), which provides, for example, processing power or storage [40].Some previous work considers additional service models, such as Service-as-a-Service [37], and Data-as-a-Service [31,65] or Storage-as-a-Service [31], but generally it is possible to group these with the existing three service models.However, beyond these service models no further categories are considered in current definitions.
Several cloud architectures have been proposed.A reference architecture and implementation of a service-oriented infrastructure (SOI) using open standards and recent virtualization and SOI technologies is the European Union funded RESERVOIR project [52,56].The RESERVOIR architecture has been developed jointly with IBM and is described in [56].Another architecture is Aneka, which is a .NET based PaaS architecture for building .NET applications [63].A market-oriented implementation of the Aneka architecture has been described in [10].In [33], IBM describes a service-oriented framework for building a low-cost, scalable, and secured platform for web-delivered business services [33].Finally, in [60], a description of each of these architectures is given and an additional service-oriented cloud computing architecture is proposed.

Current cloud computing services
The main differences between the cloud computing services that are deployed are related to the type of service offered, such as (1) storage space and computing power, (2) platforms for own software deployment, or (3) online software applications, ranging from web-email to business analysis tools.Based on these differences, the NIST has already proposed three main categories of cloud computing services [40].The three service models are depicted in Fig. 2. In this section, a few cloud computing services of each category will be discussed to gain an overview of the existing services.Existing taxonomies [31,55] and related work [59,66] have been considered to make a selection of the current cloud computing services for this overview.As additional source of information the websites of the cloud services have been used to provide more details on the service.

Infrastructure as a service
Cloud infrastructure services typically offer virtualization platforms, which are an evolution of the virtual private server offerings, that are already known for years [31].The customers buy the resources, instead of having to set up servers, software, and data center space themselves, and get billed based on the resources consumed.They deploy their own software on the virtual machines and control and manage it.The virtual instances can be rented for as long as necessary, which can be as short as an hour.The amount of instances can be scaled dynamically to fulfill the customers' needs.Billing is based on this amount, the duration, and additional services used, such as additional storage space.Providers often have data centers in multiple locations to offer quick access all over the world.Web interfaces allow monitoring of the cloud service.Some providers make it possible to connect the virtual instances to the company's network via VPN (Virtual Private Network), to make the company network seem like one big scalable IT infrastructure.These solutions are called hybrid clouds, as they connect the company's (internal) private cloud with the public cloud of the IaaS provider [51].
Online storage and backup services fall in the category of IaaS.Like most virtualization platforms, there are several storage solutions intended for corporate use, but there are also special services for private individuals.Corporate services range from temporal to permanent and from general additional storage space to extend the company's internal capabilities, to storage services aimed at database-structured information.These latter services are billed based not only on the amount of storage space used, but also on the amount of queries on the data.Further, there are specially designed services to extend the storage amount offered with standard virtualization instances.
For private individuals more and more cloud storage and backup services are offered.Laptop and netbook manufacturers, as well as, operating system providers advertise for additional web-storage.Files can be stored on the provider's servers as backup or to synchronize multiple workstations and can often be retrieved from different locations, as the services are often accessible also with a web-browser, such as Rackspace's CloudFiles [53].
Rackspace offers online storage for corporate and private use [53].Another storage provider is Nirvanix [44].Amazon offers data storage facilities either in combination or separate from their EC2 instances, called Amazon Elastic Block Store (EBS) and Amazon Simple Storage Service (S3), respectively [2].Amazon also provides special database solutions, such as the Amazon SimpleDB [2].

Platform as a service
PaaS providers offer a managed higher-level software infrastructure, where customers can build and deploy particular classes of applications and services using the tools, environments, and programming languages supported by the provider.The offers include the use of the underlying infrastructure, such as servers, network, storage, or operating systems, over which the customers have no control, as it is abstracted away below the platform [31,40].
Platform services are mostly aimed at specific domains, such as the development of web applications, and are dependent on the programming language.Customers get a separated environment to test and develop or to permanently deploy their applications.Google's App Engine is targeted at traditional web applications offering a Java or Python environment [26].For small nonscaling applications, the Google App Engine is free.On Microsoft's Azure platform, applications can be developed using the .NET libraries [5].Microsoft uses their cloud offers to promote their own software packages [31].
Bungee Connect is specifically designed for cloud application development and deployment [9].A PaaS of a different domain is Force.com[23], which allows companies to develop customized business applications, similar to the offerings of Salesforce.com.

Software as a service
Cloud software offerings typically provide specific, already-created applications running on a cloud infrastructure.A very well-known SaaS is the web-based e-mail.Most software cloud computing services are web-based applications, which can be accessed from various client devices through a thin client interface, such as a web browser.The customers of these services do not manage or control the underlying infrastructure and application platform; only limited userspecific configurations are possible.Features in standard nonremote software applications providing Internet-based storage are also often considered to be part of SaaS offerings.
A software cloud service intended for corporate use is the Salesforce.comservice [57], which offers business analysis and customer relationship management (CRM) tools.Appian Anywhere is another domain specific SaaS offering business process management tools [4].Popular software services also intended for private use are the Google Apps.These include calender, contacts web-based email, and chat capabilities, as well as the Google Docs package [27,30], which allows access and sharing of documents, spreadsheets, and presentations.Another document sharing and backup service is Box.net [7].SmugMug is intended for video and photo sharing and uses Amazon S3 [58].

Open-source based services
Although some cloud service providers use open-source software or platforms, the base systems are usually proprietary.However, there are a few entirely open-source based platforms, as well as applications and tools available to manage mainly IaaS cloud services.These tools allow the user to monitor, manage and control the virtual instances.
Unfortunately, most open-source cloud computing services are at the infrastructure or platform level and very few SaaS open-source applications exist.Further, almost all open-source platforms are based on Linux operatingsystems limiting the customer group to these operatingsystems [68].
The Eucalyptus cloud is mainly aimed at private clouds [20].Groundwork is a commercial open-source cloud management system that works with Amazon's EC2 [29].Open-Nebula is a "standard-based open-source toolkit to build private, public, and hybrid clouds" [48] and can be used with the Amazon EC2 service.The Nimbus project is also built on an open-source basis.It is maintained by the University of Chicago and was set up for scientific computations [61].

New developments
New developments include the offering of computer-games that are completely hosted in the cloud.This will make portability easier, as the game can be resumed from a different location [19].Also, it is less dependent on the user's hardware and less prone to piracy.
A rather new and not yet commercially available idea is the offering of cloud computing resources, such as computing power and data storage, to support smart phones and other resource-starved devices [1,35].Since mobile phones have limited processing power, storage space, and battery life, such an offer would make it possible to run more sophisticated applications and offer more services to smart phone users [42].These services could be provided through Wi-Fi and 3G connections, and eventually, 4G and WiMax [42].

Main characteristics of cloud computing services
As seen above many different cloud computing services exist.The most apparent difference, the type of service offered, has been addressed.In this section, the common characteristics of Iaas, Paas, and SaaS cloud services will be examined.Then for each category, more specific characteristics will be discussed.It is likely that the list can be expanded further, however, the selected characteristics allow more clear distinctions at each level of the taxonomy.A few additional categories that can be used for future expansion are described in Sect.4.3.

Common characteristics
The shared characteristics are the license type, the intended user group, the security offered, formal agreements between the provider and the customer, as well as payment systems, interoperability, and adherence to standards.In the following sections, each of these features will be discussed.

License type
Most cloud computing services use proprietary software and licenses.However, several cloud computing providers make use of open-source software and platforms.Amazon uses the open-source Xen technologies [2] and Google's PaaS offering is built around the open-source Python programming language [26], but their core cloud computing service and additional services are kept closed-source.A lot of cloud monitoring software is open-source based, as well as smaller cloud computing services, since small players often lack the power and influence to push proprietary software on the market [31].
License types also play a role when offering infrastructure-and platform-level services.IaaS providers do not suffer from software licensing issues when renting out their virtual servers without operating systems installed.However, when including operating systems and software packages, this can cause potential problems as to how the customer should be billed when using the service for a limited timeperiod.Often additional fees for the software use need to be paid.Other platforms only use their own software, such as Microsoft Azure.Software licensing has been identified as a current obstacle for cloud computing in [5,31,45].

Intended user group
Some cloud computing services differentiate between corporate and private use.Most IaaS and PaaS offerings are intended for companies, whereas SaaS offerings exist for corporations, private individuals or both, such as the Google Apps [27].However, this does not imply, that services aimed at companies cannot be purchased by individuals.
A further distinction in the corporate and private user group can be made between mobile and fixed users.Mobile users access their cloud computing services from anywhere, be it at the office, at home, form a desktop, laptop, or hand-held.Fixed users are stationary and typically use the same device to connect to the service.Once cloud computing services intended to support smart phones and other lowresource devices are available (see Sect. 3.5), an additional group, based on this hardware type, can be considered.

Security and privacy
Security and privacy are important aspects, especially when important data resides on the cloud's servers.Loss or leak of data cannot just cause loss of revenues but also legal actions [43].In particular, when handling personal data, certain regulations may apply, such as the European Union directives 2002/58/EC [22] and 95/46/EC [21].The EU's data protection laws state, for example, that data may only be stored in countries with adequate protection and for certain data it is necessary to know the physical location of the data, which is not always possible when using cloud computing technologies.Due to the absence of standards, cloud security, data privacy, and ownership are approached differently by each provider [70].
Generally, encryption and authentication should be used on all cloud services.Encryption can guard, for example, against interception between virtual machines at network level [64].For the taxonomy, the security measures are divided into external security, which considers the security measures, the cloud provides to secure the access to the cloud, and the internal security, which addresses the internal security mechanisms the cloud offers to separate and secure the different virtual instances and clients within the cloud.The latter is left for future expansion of the taxonomy and is discussed in Sect.4.3.2.
Most cloud services can be accessed with a web-browser and the standard HTTP (Hyper Text Transfer Protocol) is used to connect to the cloud.To provide encryption and secure identification of the server SSL/TLS (Secure Socket Layer/Transport Layer Security) is used.Further security approaches used for authentication and authorization include PKI (Public Key Infrastructure) and X.509 SSL certificates [70].However, these mechanisms need to be implemented properly.The Amazon EC2 uses public-keys for authentication [64].

Payment systems
The payment system used for cloud computing services is one of the distinguishing characteristics.The main difference between the traditional form is that true cloud services are billed based on dynamic use [31,66].Rather than paying a fixed monthly or yearly charge, the customer only pays for the resources consumed.The resources could be the number of virtual instances, data storage amount, bandwidth, compute time and resources (CPU or RAM), and transactions (measured in Gets and Puts for databases), as well as combinations of these.
Still cloud computing services can use different payment systems, based on the resources used.The most frequently used pricing model is pay-per-use, in which (resource) units or units per time are associated with fixed price values [66].When using dynamic or variable pricing, the price is established as a result of dynamic supply and demand, for example, as the means of auctions or negotiations [66].Zimory.comuses dynamic pricing [72].A few cloud services are free of charge, such as Google Docs and the Google App Engine (free up to a certain level of computing resources) [26].Customers of Amazon EC2 are billed monthly for the resources used based on the pay-per-use model [2,59].GoGrid users can choose between pay-asyou-go billing, i.e., customers only pay for the resources they deploy, or prepaid plans, for which customers get "a prepaid allotment of cloud server resources at a discounted rate for a fixed monthly cost" [25].

Standardization
Standardization refers to the use of common APIs (Application Programming Interface) and architectures, as well as, technical standards.These standards can either be approved and "maintained by an organization such as ANSI or the ISO, or they can simply implement a commonly-used or familiar interface (de facto standards)", from [31].
So far, there are no clearly defined and widely adopted standards, though this would be beneficial to cloud computing customers and service developers.Standards would increase interoperability and allow possible customization, due to the technical transparency.Further benefits include price advantages and greater availability of substitutes, because of increased competition.
Standardization can be applied to cloud architectures, protocols, cloud service identifiers and description languages, as well as formats, virtualization technologies, and service-level agreements.The ETSI (European Telecommunications Standards Institute) TC CLOUD has identified the current standardization requirements for cloud computing services in [45].
There are several organizations attempting to create such standards [28], including the Cloud Computing Interoperability Forum, which tries to develop a framework that enables two or more clouds to exchange information [12].Sponsors include IBM, Sun Microsystems, Intel, and Cisco.The DMTF's Open Cloud Standards Incubator also aims to standardize interactions between clouds by creating "resource management protocols, packaging formats and security mechanisms to facilitate interoperability" [18].Further, the DTMF also maintains the Open Virtualization Format (OVF).The Open Cloud Consortium provides testbeds for cloud computing [47].The Cloud Security Alliance (CSA) is working on standards for security and privacy and aims to promote "best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing" [15].As mentioned earlier, the NIST has proposed and is further working on a definition for cloud computing [40].The Cloud Standards Wiki tries to gather information about the different organizations working on standards and definitions [16].

Formal agreements
The most commonly used formal agreements are service level agreements (SLA), which formally define which level of service the customer can expect and should address latency and QoS (quality of service) [39].Typically, SLAs include technical specifications of measures, such as uptime or turn around time.Most SLAs also state what compensation the customer can expect in case of failure.Amazon's SLA states, for example, that if the "Annual Uptime Percentage for a customer drops below 99.95% for the Service Year, that customer is eligible to receive a Service Credit equal to 10% of their bill" [3].
Due to the lack of standards most cloud service providers use SLA agreements to convince potential customers to use clouds "even for mission-critical industrial services, as these SLAs with one single provider are enforceable", from [66].

Openness of clouds
During the study of the different cloud services, it became apparent that cloud computing providers do not always supply the necessary cloud service information to their users.In particular, we have identified a number of aspects that should be made available to the cloud computing service user.These aspects are: (1) Hardware used by the cloud service, (2) software used, (3) identify whether the used cloud computing solutions are standardized, (4) geographical location of the used cloud data centers, (5) details on the used security solutions, (6) information about backups and maintenance of user data, and (7) outsourcing that shows whether a provider outsources part of their operations to a third party.
To categorize the openness of cloud computing services, four level of information disclosure are considered: Unknown/limited, Basic, Moderate, and Complete.At the "unknown/limited" level no or vague to limited information is given about the cloud computing service.At the "basic" level, basic information is available about the seven aspects identified above.Here, basic means that about two to three facts are stated about each aspect.These facts can include assumable and guessable information.The "moderate" level is similar to the basic level, however, more details are given about the aspects.The most open level is the "complete" level.Here, detailed information is available about each aspect.

Specific characteristics
The most important characteristics of cloud computing services are explained above.As for the common characteristics, more specific features of infrastructure, platform, and software cloud services often do not allow clear distinctions within the chosen characteristic, therefore, only a few features are discussed below.

IaaS-specific characteristics
Characteristics to be considered are the supported operating systems and applications/frameworks, as this might be important to potential customers.Most IaaS providers support Linux systems, but some also have Windows and Open-Solaris support.Widely supported applications include the Apache HTTP Server and the MySQL database software.Another characteristic that is important for developers is whether and what kind of development tools the provider supplies.This could include an API or special commandline tools [59].Services comprising virtual instances can be further differentiated based on the virtualization technology used.Xen [14] is currently used by most providers [59].

PaaS-specific characteristics
An important platform-level characteristic is related to which programming languages and environments are supported.Google's App Engine, for example, currently only supports Python and Java environments.The supported operating systems and applications can also be a relevant feature.

SaaS-specific characteristics
Software cloud services vary a lot.A characteristic to be considered is the customer/application domain of the offered service.This domain could be customer relations or other business management areas, office applications, social networking, and data exchange.

Additional characteristics for expansion
This section describes further characteristics which can be used to expand the taxonomy.These characteristics are interoperability and portability, internal security, and cloud performance.Since these characteristics currently do not offer clear cut distinguishable options, they have not been added in the current version of the taxonomy.

Interoperability and portability
Currently, cloud service customers are tied to a provider and switching costs are high, due to the incompatibilities of the cloud products [66].This might be attractive to cloud computing providers, but it implies that customers are subject to price increases, reliability issues or worst, the provider going out of business [5].Lock-in is one of the biggest obstacles keeping companies from adopting cloud computing [31].The only way to eliminate this single source failure is to use multiple cloud computing providers, which is currently hardly possible [5].
A few solutions have been proposed to facilitate interoperability between clouds.The Intercloud architecture "supports scaling of applications across multiple vendor clouds to offer "just-in-time, opportunistic, and scalable provisioning of application services, consistently achieving QoS targets under variable workload, resource, and network conditions [11].The architecture is described in [11].The federated network of clouds is mediated by a Cloud exchange.Each cloud has a Cloud Coordinator which publishes offers based on the service the cloud offers.The Cloud Brokers requests the required capacity and negotiates or bids on the offers.Intercloud protocols and formats for the Intercloud are discussed in [6].
Another architecture is the Cross(-Cloud) Federation which predicts that "smaller, medium, and large cloud providers will federate themselves to gain economies of scale and an enlargement of their capabilities" [13].Enhancements to solve the current architectural limitations are proposed in [13].A Cross-Cloud Federation Manager is placed inside the cloud architecture to allow the cloud to establish a federation with another cloud.
As mentioned earlier, the RESERVOIR project aims to federate clouds by offering "an open, service-based online economy in which resources and services are transparently provisioned and managed across clouds on an on-demand basis at competitive costs with high-quality service" [56].
Cloud federations will increase scalability and reliability of current cloud services, and allow clouds and their customers to make use of another cloud's services.
A solution that offers more direct benefits for the cloud customers is DMTF's Open Virtualization Format (OVF) [17] which addresses the portability of virtual machine images by providing a open standard format for packaging and distributing software to be run in virtual machines.

Internal security
As mentioned above, the cloud's internal security considers the mechanisms used to protect the cloud customers' virtual instances and data within the cloud.Due to the low-level of IaaS, the customer has most control over the security compared with PaaS and SaaS.When using PaaS, the customers may be able to craft their own authentication system or adapt other parts of the system.However, below the application level, security is dealt by the provider, who often gives little or no information about their practices [64].When using SaaS, the user has to rely even more on the provider to implement sufficient security mechanisms.
Several security threats have been identified in [46,62] and address, for example, the issues encountered with shared technology and virtualization, availability, and identity management.

Cloud performance
The performance of cloud computing services has been examined in [8,69] with respect to reliability, fault recovery, and various computation metrics, such as scaling latency, throughput and costs, and network metrics, such as bandwidth.A method to compare the performance of cloud services has been developed in [38].

Taxonomy Design
Having analyzed the important features of cloud computing services, the different levels have to be defined and the taxonomy can be generated.Then a brief explanation of the choice of levels is given.
The taxonomy has a tree-based structure.At the root of the tree are all cloud services.The first level is made up of the three main service categories; see Sect. 4. The next levels correspond to the common characteristics, followed by the service specific characteristics.
The taxonomy tree is shown in Fig. 3. Due to space constraints, for each of the three cloud service categories, only one path is drawn until the bottom of the tree.The other branches that have not been continued are identical to the drawn branch for the respective category.The illustration is meant to give an idea of the amount of combinations that can form different cloud computing services.The tree traversal starts at the top at level 0. There a choice needs to be made based on the first level's characteristic.Further down in the tree, it can be possible that multiple choices can be made, for example, when considering which operating systems are supported.
The license type and intended user group have been chosen as a very important criterion because decisions made at these levels will lead to very different cloud services.The remaining order was chosen based on the amount of information found on the characteristics, i.e., the more information was found, the higher up in the tree a characteristic is placed.However, general and service specific characteristics are kept separated.
At deeper levels, the distinctions between services may become more blurred, as either little information is available, or implementations only vary slightly.Here, it may also be applicable to add tree nodes labeled "Undisclosed/ unknown" when sufficient information is not available.For other levels, such as the one concerning supported operating systems, not all available options could be drawn, due to space constraints.Thus, only a selection of the most commonly offered options is given.
The taxonomy examined the main features of cloud computing services.The level of detail can be varied by including more options for each characteristics.As mentioned above, for most characteristics, only a set of the available options is included in the tree diagram.The options at each level of the taxonomy can be extended to incorporate more detail.

Taxonomy expansion
The taxonomy can be expanded with additional characteristics, such as those mentioned in Sect.4.3.However, also further characteristics not addressed here, for example, how well the to be classified cloud computing service can be customized to the user's needs, can be added.There are a few requirements for a new characteristic, i.e., a new taxonomy level.The options, i.e., the branches at that level, which the cloud's characteristic can take have to be clear to a taxon-Fig.4 The desirability increases from left to right, e.g., for "Agreements" and "Openness" omy user without further explanations and should not overlap with each other.Additionally, the cloud can be expanded to include a grading of importance scheme.This is described in Sect.5.2.

Finding the pros and cons
In order to find the pros and cons of a cloud computing service, or to compare multiple services to find the best one in regard to some properties, a grading of importance or desirability scale can be applied.The tree branches can be arranged by increasing desirability from left to right; see Fig. 4. Hence, a cloud computing service that is most desirable always takes the most right branch in the tree.However, it is not possible to apply such a grading scheme to all taxonomy levels, as for example, it is infeasible to say a certain "User group" is better than another.We, therefore, in this taxonomy, only apply a grading of importance to the common taxonomy levels 5 to 8, i.e., "Agreements," "Security," "Standards," and "Openness."

Classifying cloud computing services in the taxonomy
This section explains how the taxonomy is to be used with an example for each of the three service types.The chosen cloud services are the Amazon EC2, an IaaS cloud, Microsoft Azure, a PaaS cloud, and Google Apps, a SaaS application.

IaaS example: Amazon EC2
The Amazon EC2 [2] characteristics are given in Table 1.The corresponding tree diagram can be found in Fig. 5.The characteristics of the Amazon EC2 service form the highlighted path in the tree.

PaaS example: Microsoft Azure
The characteristics of Azure [41] are given in Table 2.The corresponding tree diagram can be found in Fig. 6.The    Azure characteristics define the tree path indicated by the bold line.

SaaS example: Google Apps
The characteristics of the Google Apps [27,30] are given in Table 3.The corresponding tree diagram can be found in Fig. 7.The Google Apps characteristics define the tree path indicated by the bold line.When comparing two cloud services, one should focus on the tree-path each services forms.For this purpose, using the example services from above, in Fig. 8, only the tree-paths of the Amazon EC2 and Google Apps service are drawn.Using this diagram, the similarities and differences can quickly be seen.Similarities are where the path of one service is parallel to the path of the other and differences are where the paths diverge.Based on the example, both services are proprietary, whereas they use different methods for secure access of the cloud service.Additionally, when comparing a cloud service to a traditional service, the characteristics that apply only to cloud services can be marked by coloring these options in the tree.If, for example, a to be classified service shows noncolored options, it can be concluded that this service is strictly speaking not a cloud computing service based on the NIST definition.

Conclusions and future work
This paper examined current cloud computing services and a taxonomy for classifying these has been developed.The paper captured the characteristics all cloud computing services share, as well as those that are exclusive to one of the three service categories-infrastructure, platform, and software.The here proposed taxonomy is capable of classifying both current and future cloud computing services.The simple tree structure allows quick comparisons, by giving the user a set of choices at each level.This clear structure makes comparing cloud computing services more efficient than using table based comparisons.Further, the taxonomy not only helps to map a cloud computing service, but it also helps potential customers and developers to point out what characteristics the service they seek or wish to develop should have.
The comprehensive list of characteristics makes it possible to distinguish a great variety of cloud computing services.However, at the deeper levels of the tree, the differences between the characteristics become more blurred.This may be due to limited subjective information, and the young age of cloud computing.To allow more accurate comparisons, the taxonomy could be expanded to incorporate more details for some of the characteristics.As mentioned above, the security addressed by the taxonomy only considers security measures between the client and the cloud.An important addition to the taxonomy will be to also consider the security mechanisms used within the cloud.
Further, it has been identified that especially the areas of standardization and interoperability need to evolve.Various organizations have been founded to help define concepts and standards for cloud computing, but also the service providers need to be convinced to take part.Improved interoperability and clear standards will not only make it easier to develop new cloud services, but it will also make entering the cloud less risky, and hence more attractive, for companies.The taxonomy can easily be adapted to future cloud computing developments and the taxonomy's user's needs.
Open Access This article is distributed under the terms of the Creative Commons Attribution Noncommercial License which permits any noncommercial use, distribution, and reproduction in any medium, provided the original author(s) and source are credited.

Fig. 8
Fig. 8 Comparing the Amazon EC2 and Google App cloud services

Table 1
Amazon EC2 characteristics

Table 2
Microsoft Azure characteristics

Table 3
Google Apps characteristics