An Overview of the Most Important Reference Architectures for Cloud Computing

In this paper we present the main characteristics of the most important reference architectures designed for the cloud computing environment. Specifically, we introduce the architectures proposed by worldwide cloud computing companies such as Cisco, IBM and VMware, and we also look at the National Institute of Standards and Technology (NIST) reference architecture, which is the starting point for all proposed architectures in the field. As one would expect, the provider-dependent reference architectures are written in such a way as to suit the services and products of the company, while NIST’s architecture is a more general model with more comprehensive architectural details, which we highlight in this article. At the end of the article we draw some conclusions regarding the existing reference architectures for cloud computing.


Introduction
Cloud computing is the new term used for utility computing, with emphasis on offering IT resources over the Internet instead of storing and operating resources locally. The existing literature contains a plethora of different reference architectures, models and frameworks for cloud computing. Usually, a reference framework for cloud computing tries to offer the baseline for designing interoperable cloud services and for integrating them into the existing infrastructures of the Internet and of private corporations. As a rule, a reference framework should offer a draft or an architectural template that can be used by others who wish to adopt similar solutions. A reference model explains the concepts and relationships that underpin a reference architecture, while the term reference framework refers to both (architecture + model of reference) [1]. The cloud computing architecture of a cloud-like solution represents the structure of such a system. The term also refers to producing proper documentation of the architecture of a cloud computing solution, which facilitates communication between the investors and the taking of initial decisions, and allows the reuse of design components and templates for other similar projects [2].
A reference model of cloud architecture is an abstraction of the cloud computing concepts and relationships, which can be used to train organizations and to create standards and guidelines that support the application of these concepts. Groups of organizations such as DMTF (Distributed Management Task Force) are the initiators of a wiki page, www.cloud-standards.org [3]. The Cloud Security Alliance and Open Security Architecture develop reference models for the cloud which can be used by different companies for adopting new cloud technologies. In addition, companies active in the field (Cisco, IBM, VMware and others), as well as federal agencies (GSA and others), are working on reference models of their own which have specific characteristics. Next we will present four of the most important reference architectures in the field:
• Reference architecture CISCO - Cisco Cloud Reference Architecture Framework [4]
• Reference architecture IBM - IBM CCRA [5]
• Reference architecture National Institute of Standards and Technology (NIST) [6]
• Reference architecture VMware - Architecting vCloud [7]

DOI: 10.12948/issn14531305/18.4.2014.03

CISCO reference architecture
The CISCO reference architecture is based on the cloud definition provided by NIST, which states, in short, that a cloud represents IT services offered using a network. More precisely, the cloud is a model in which the IT resources and services are abstracted from the infrastructure and are provided "on demand" and "at scale" in an environment for multiple "tenants". "On demand" stands for resources which are supplied and billed for only when they are used. "At scale" refers to the fact that the provided services offer an "infinite" pool of available resources which can meet various demands. A "multi-tenant" environment assumes that the resources are available for use by multiple consumers (for example, business units) in one implementation.
As

The NIST reference architecture focuses on the needs that the cloud services meet and not on a design that defines a solution and an implementation. This helps with understanding the operational complications that can occur in cloud computing. The NIST reference architecture does not represent the system architecture of a specific cloud computing system; it is rather a tool for describing, analyzing and developing a specific architecture using a common reference framework. The design of the NIST reference architecture serves the following objectives:
• Understanding and illustrating the various services of the cloud in the context of a generalized conceptual model for cloud computing.
• Providing technical references to governmental agencies and to other consumers for understanding, analyzing, categorizing and comparing cloud services.
• Communicating and analyzing security, possible standards for interoperability and portability, and reference implementations.

General overview
The document that NIST published identifies five main actors involved in the development of a new taxonomy for cloud computing. NIST defines these actors as: cloud consumer, cloud provider, cloud auditor, cloud broker and cloud carrier. See Figure 3.
between the consumer and the provider, negotiating their relationship, and it helps the consumers overcome the level of complexity of the cloud service, thus generating cloud services with added value. The cloud auditor offers a valuable function for the government by coordinating performance and monitoring cloud services security. The cloud carrier represents the organization which has the responsibility of carrying data, in a similar way to a power distributor for the electric grid.

Cloud consumer
The cloud consumer is the final party that the cloud service supports. A consumer represents a person or an organization which has a business relationship with a cloud provider. Basically, the cloud consumer chooses some service from a catalog belonging to the cloud provider, sets up contract conditions for the chosen services and starts using them. The cloud consumer can pay for the provisioned services and can plan payments depending on the requested services. There are several scenarios and activities depending on the service that a consumer chooses; these are listed in Table 1.
Figure 4 shows a couple of examples of services that can be provided to cloud consumers. SaaS applications are usually implemented as hosted services which can be accessed through a network that connects the consumers with SaaS providers. SaaS consumers can be enterprises which offer their members access to software applications, end users of the applications, or administrators of software applications who configure the applications for end users. SaaS consumers can access and use applications on demand and they can pay based on the number of consumers or based on the consumed services (these can be measured as: time usage, network bandwidth, amount of stored data or duration of stored data). PaaS cloud consumers use the execution tools and resources offered by cloud providers for developing, testing, implementing and managing applications hosted in the cloud environment. PaaS cloud consumers can be application developers who design and implement applications, software testers who run and test applications in different cloud environments, application developers who publish their applications in a cloud environment, or application administrators who configure and monitor applications on a cloud platform. These types of cloud consumers can pay a fee based on the number of users, the type of consumed resources or the duration of platform usage.

Cloud providers
A cloud provider can be a person, enterprise or other entity responsible for making a resource available to a cloud consumer. A provider builds the infrastructure, platform and software services and manages the technical infrastructure needed to provide them, provisions services according to the service level agreements (SLA), and protects the security and privacy of these services. In the SaaS case the cloud provider implements, configures and updates the operation of the software applications on a cloud infrastructure in such a way that the provisioned services meet the expected service level for the benefit of the consumer. The SaaS provider takes responsibility for managing and controlling the applications as well as the infrastructure, while cloud consumers have limited administrative control over the applications.
In the PaaS case the provider manages the cloud infrastructure for the platform and provisions execution tools and resources that the consumers of the platform use for developing, testing, implementing and managing applications. The consumers control the behavior of the applications and the settings of the hosting environment, but they cannot access the infrastructure on which the platform is hosted (network, servers, operating system, storage capacity).
In the IaaS case the provider supplies physical processing, storage, network connectivity and other fundamental computing resources, assuring and managing the hosting environment and the cloud infrastructure for the IaaS consumers. Cloud consumers implement and run applications and have broad control over the hosting environment of the cloud and the operating systems, but they do not manage or control the base infrastructure of the cloud (physical servers, network, storage capacity, hypervisors, etc.). The cloud provider activities can be analyzed in detail from the perspective of the following five characteristics: service implementation, service orchestration, service management, security and confidentiality.
Service implementation refers to the implementation models from "NIST Special Publication 800-146, NIST Cloud Computing Synopsis and Recommendations", which defines the public, private, community and hybrid cloud models. A public cloud is a cloud system in which the infrastructure and the compute resources are made available to the public through a public network. A public cloud is owned by an enterprise which sells cloud services and serves various categories of clients.
In the private cloud case, the infrastructure is operated entirely for a single enterprise, which has exclusive access to the computational resources and infrastructure. The infrastructure can be managed by the enterprise (a case called on-site private cloud) or it can be managed by a 3rd-party (a case called outsourced private cloud). A community cloud can be managed by several organizations or 3rd-parties and it can be implemented at the location of the client or outsourced. A community cloud serves several enterprises that have a common goal, which can concern security, confidentiality and conformity. A hybrid cloud is a combination of two or more models (private, community and public) that remain unique entities but are connected by standardized or proprietary technologies which assure data and application portability.
Service orchestration refers to a way of organizing, coordinating and managing the cloud infrastructure so as to make it possible to optimize cloud services with the aim of reducing costs. Figure 5 shows an overview of the general requirements tied to each of the three service models. In these documents there is an emphasis on the fact that security, compliance and security policy requirements depend on the jurisdiction of the country in which the cloud services are being offered, and these vary from country to country. Because of this, an independent auditor will check compliance with the security policy regulations. Confidentiality and personal data protection is one of the key imperatives in the cloud field.
Because cloud computing solutions offer a flexible way of accessing shared resources, software and information, they raise an issue regarding confidentiality. For example, the Federal Council in USA has written a document, "Recommendations for Standardized Implementation of Digital Privacy Controls", which considers three basic ways of controlling confidentiality: Personal information inventory, Confidentiality impact evaluation and Privacy Notice. The recommendations are that governmental institutions identify and take into consideration all personal information that can be collected or exposed through digital technology, analyze confidentiality risks through personal data updates, and notify individuals about the way personal information is collected, stored, processed and published.

Cloud auditor
A cloud auditor is a 3rd-party which can perform an independent evaluation of:
• Cloud services
• Performance and operation modalities of informational systems
• Cloud security implementations
The cloud auditor can evaluate the services provided by a cloud provider against various parameters: security controls, impact on confidentiality, performance and adherence to SLA characteristics. The audit is extremely important to governmental institutions, which need to assure security controls over the cloud providers, including management, operational and technical measures for ensuring the confidentiality, integrity and availability of the system and of the data stored through it. For a security audit, a cloud auditor can devise methods for verifying security controls, including a phase that checks the compliance of the system with the security policies of the benefiting enterprise.

Cloud broker
The cloud broker is an entity which manages the usage, performance and provision of cloud services by negotiating the relationship between cloud providers and consumers. With the evolution of cloud computing systems, the integration of cloud services can become a complex task which is very difficult for a cloud consumer to manage. In both cases a cloud consumer asks for cloud services through a broker instead of contacting the cloud provider directly. Cloud brokers offer a single entry point for managing several cloud services. The key characteristic that separates a cloud broker from a cloud provider is that it can offer a consistent interface to multiple providers, regardless of whether the interface is a technical or a business one. In general there are three service categories for brokers:
• Service Intermediation: enhances a given service by improving some specific capability and providing value-added services to cloud consumers. The improvement can be managing access to cloud services, identity management, performance reporting, enhanced security, etc.
• Service Aggregation: combines and integrates multiple services into one or more new services.
same time, there are several challenges in the cloud computing zone which are being discovered by innovations brought by service and technology producers. The interaction of service models and the distributed nature of resource control and property in cloud computing has raised some standard differences; to the existing ones we add the pre-cloud computing era ones as well.

VMware reference architecture
VMware, a worldwide leader in the virtualization field, has also produced an important document that is the reference architecture specification for their products in the cloud computing field. This document is called "VMware vCloud
Fig. 8 vCloud architecture from VMware (Source: [7])
From an infrastructure point of view vCloud is built on a virtual infrastructure that has its components split into an administration cluster. Reference [7] presents the construction details of the components in Figure 8 together with usage stories about those components. Those usage stories highlight the importance of keeping connection logs. Consequently, tracking and monitoring are important for preventing future attacks. Auditing a log allows an organization to verify compliance, detect security violations and initiate restore points if necessary.
A rule of thumb is to examine the logs regularly in order to identify any suspicious activity. Laws and external regulations can also require access to specific levels of monitoring and checking. Rules are needed for restricting access, while log parsing can give hints about system configuration errors or failures and about whether SLA rules are being met. Thus we have identified some scopes for logs:
• compliance requirements: logs are needed for assisting audit control as well as for checking, analyzing and responding to security breaches. For example, an authentication log can be used to check whether a resource has been accessed only by authorized users.
• client demands: end users (usually referred to as tenants) can obtain access to logs that correspond to their requirements.
• operation integrity: operation alerts can be defined on logs to trigger remediation notifications.
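The three log purposes listed above (checking that a resource was accessed only by authorized users, giving a tenant access to its own logs, and raising operational alerts), as an added Python example that is not taken from the paper or from VMware's documentation. The log format, the policy table and all tenant, user and resource names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample access log (format is an assumption, not a vCloud format):
# timestamp tenant user resource action result
SAMPLE_LOG = """\
2014-10-01T08:00:01Z tenant-a alice vapp-101 power_on OK
2014-10-01T08:02:13Z tenant-a bob vapp-101 console OK
2014-10-01T08:05:40Z tenant-b carol vapp-200 login FAIL
2014-10-01T08:05:44Z tenant-b carol vapp-200 login FAIL
2014-10-01T08:05:49Z tenant-b carol vapp-200 login FAIL
2014-10-01T08:06:02Z tenant-b mallory vapp-101 console OK
this line is malformed and must not be silently dropped
"""

# Hypothetical authorization policy: resource -> (owning tenant, allowed users)
POLICY = {
    "vapp-101": ("tenant-a", {"alice", "bob"}),
    "vapp-200": ("tenant-b", {"carol"}),
}

LINE_RE = re.compile(r"^(\S+Z) (\S+) (\S+) (\S+) (\S+) (OK|FAIL)$")
FIELDS = ("ts", "tenant", "user", "resource", "action", "result")

def parse(text):
    """Return (events, rejected_lines); unparseable lines are kept for review."""
    events, rejected = [], []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(dict(zip(FIELDS, m.groups())))
        else:
            rejected.append(line)
    return events, rejected

def compliance_violations(events, policy):
    """Audit scope: successful accesses the policy does not authorize.
    Resources missing from the policy are treated as violations (fail closed)."""
    out = []
    for e in events:
        owner, allowed = policy.get(e["resource"], (None, set()))
        if e["result"] == "OK" and (e["tenant"] != owner or e["user"] not in allowed):
            out.append(e)
    return out

def tenant_view(events, tenant, policy):
    """Tenant scope: only events on resources that the tenant owns."""
    return [e for e in events if policy.get(e["resource"], (None,))[0] == tenant]

def operational_alerts(events, threshold=3):
    """Operations scope: (user, resource) pairs with at least `threshold` failures."""
    fails = Counter((e["user"], e["resource"]) for e in events if e["result"] == "FAIL")
    return sorted(pair for pair, n in fails.items() if n >= threshold)

if __name__ == "__main__":
    events, rejected = parse(SAMPLE_LOG)
    print("violations:", compliance_violations(events, POLICY))
    print("tenant-a view:", tenant_view(events, "tenant-a", POLICY))
    print("alerts:", operational_alerts(events), "rejected:", rejected)
```

Filtering the tenant view by resource ownership rather than by the tenant field of the event is what lets tenant-a see the cross-tenant access to its own resource without seeing tenant-b's other activity.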

Conclusions
We have summarized here four important reference architectures for cloud computing: Cisco Cloud Reference Architecture Framework, IBM CCRA, National Institute of Standards and Technology (NIST) and, finally, VMware's Architecting vCloud. Among them, NIST's architecture is provider independent, while the other three architectures belong to worldwide leaders of cloud computing: Cisco, IBM and VMware. Other reference architectures for cloud computing have also been proposed by other vendors such as Oracle, Microsoft, Amazon and Google, or by open source projects such as OpenStack. After going through the four architectures we can conclude that the platform-independent architecture from NIST is the most comprehensive, since it also contains architectural details and discusses concrete usage case studies. The other three, platform-dependent architectures basically follow NIST's definition, using their own technologies and solutions based on their own services or infrastructure elements. All four architectures for cloud computing considered here contain common base elements, rely on the same definition of a cloud and follow the same service models described by NIST: SaaS, PaaS and IaaS. Also, all the architectures address the interests of cloud consumers and providers, with emphasis on the administration part, the offered services and access to resources. Security of the data stored in the cloud environment is also a main concern of the cloud architectures [9]. As a final conclusion, whichever reference architecture we discuss, whether it is independent (NIST) or company specific, it contains several common components and services. In addition, ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) published in October 2014 the standard ISO/IEC 17789:2014, which specifies the cloud computing reference architecture (CCRA). The reference architecture "includes the cloud computing roles, cloud computing activities, and the cloud computing functional components and their relationships" [10], and is available only by purchase from www.iso.org. As future research we will investigate this new ISO/IEC proposed standard, which could become in the future the de facto standard for cloud computing reference architecture.

Fig. 7 Characteristics regarding security and confidentiality from the whole cloud architecture view (Source: [6])