So why does it matter what the US federal government thinks of Cloud Computing? Simple, with an IT budget of more then 70 billion dollars a year, the US government represents the largest IT consumer on the planet. With this kind of money at stake, the influence the US government imposes is enormous and directly influences how we as industry both define and use the cloud.
Something I found particularly interesting was that for the first time, the federal government is moving more quickly then the private sector in both their interest and potential adoption of what has been referred to as the federal cloud. Making things even more interesting is the appointment of Patrick Stingley as what I would describe as the federal "Cloud Czar" or more formally the Federal Cloud CTO at the General Services Administration (GSA). GSA being the federal agency that provides goods and services to other federal agencies and will be the point of contact for any federal cloud services either offered directly or procured through various cloud providers. I should also note that Stingley is also the CTO for the Dept. of the Interior. One of Stingley's first tasks is creating a development plan for a federal cloud computing capability.
I've been saying this for awhile, before Cloud Computing can be broadly adopted by various governmental bodies we must have a clear definition of what it is. In yesterdays federal CIO cloud summit a draft definition for federal use of cloud computing was revealed. The purpose of this definition is to act as a kind of basic litmus test for use as the various government agency move forward in selecting cloud related products and services.
The definition was prepared by Peter Mell and Tim Grance at the National Institute of Standards and Technology (NIST). For those unfamiliar with NIST, they are a non-regulatory agency of the United States Department of Commerce with a mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life. Simply put, their definition of cloud computing will be the de facto standard definition that the entire US government will be given.
In creating this definition, NIST consulted extensively with the private sector including a wide range of vendors, consultants and industry pundants including your truly. Below is the draft NIST working definition of Cloud Computing. I should note, this definition is a work in progress and therefore is open to public ratification & comment. The initial feedback was very positive from the federal CIO's who were presented it yesterday in DC. Baring any last minute lobbying I doubt we'll see many more major revisions.
-------------------------------
Draft NIST Working Definition of Cloud Computing
4-24-09
Peter Mell and Tim Grance - National Institute of Standards and Technology, Information Technology Laboratory
Note 1: Cloud computing is still an evolving paradigm. Its definitions, use cases, underlying technologies, issues, risks, and benefits will be refined in a spirited debate by the public and private sectors. These definitions, attributes, and characteristics will evolve and change over time.
Note 2: The cloud computing industry represents a large ecosystem of many models, vendors, and market niches. This definition attempts to encompass all of the various cloud approaches.
Definition of Cloud Computing:
Cloud computing is a pay-per-use model for enabling available, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is comprised of five key characteristics, three delivery models, and four deployment models.
Key Characteristics:
On-demand self-service. A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed without requiring human interaction with each service’s provider.
Ubiquitous network access. Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, laptops, and PDAs).
Location independent resource pooling. The provider’s computing resources are pooled to serve all consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. The customer generally has no control or knowledge over the exact location of the provided resources. Examples of resources include storage, processing, memory, network bandwidth, and virtual machines.
Rapid elasticity. Capabilities can be rapidly and elastically provisioned to quickly scale up and rapidly released to quickly scale down. To the consumer, the capabilities available for rent often appear to be infinite and can be purchased in any quantity at any time.
Pay per use. Capabilities are charged using a metered, fee-for-service, or advertising based billing model to promote optimization of resource use. Examples are measuring the storage, bandwidth, and computing resources consumed and charging for the number of active user accounts per month. Clouds within an organization accrue cost between business units and may or may not use actual currency.
Note: Cloud software takes full advantage of the cloud paradigm by being service oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability.
Delivery Models:
Cloud Software as a Service (SaaS). The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure and accessible from various client devices through a thin client interface such as a Web browser (e.g., web-based email). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings.
Cloud Platform as a Service (PaaS). The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created applications using programming languages and tools supported by the provider (e.g., java, python, .Net). The consumer does not manage or control the underlying cloud infrastructure, network, servers, operating systems, or storage, but the consumer has control over the deployed applications and possibly application hosting environment configurations.
Cloud Infrastructure as a Service (IaaS). The capability provided to the consumer is to rent processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly select networking components (e.g., firewalls, load balancers).
Deployment Models:
Private cloud. The cloud infrastructure is owned or leased by a single organization and is operated solely for that organization.
Community cloud. The cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
Public cloud. The cloud infrastructure is owned by an organization selling cloud services to the general public or to a large industry group.
Hybrid cloud. The cloud infrastructure is a composition of two or more clouds (internal, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting).
Each deployment model instance has one of two types: internal or external. Internal clouds reside within an organizations network security perimeter and external clouds reside outside the same perimeter.