# ISO/IEC 17789:2014: Information technology - Cloud computing - Reference architecture

# Acronyms, Abbreviations, and Initialisms

Short Form Full Form
CCRA Cloud Computing Reference Architecture
CSC Cloud Service Customer
CSN Cloud Service Partner
CSP Cloud Service Provider
IaaS Infrastructure as a Service
IEC International Electrotechnical Commission
ISO International Organization for Standardization
NaaS Network as a Service
PaaS Platform as a Service
PII Personally Identifiable Information
SaaS Software as a Service

# Overview

ISO/IEC 17789 specifies the cloud computing reference architecture (CCRA). The reference architecture includes the cloud computing roles, cloud computing activities, and the cloud computing functional components and their relationships.

The CCRA can serve as a fundamental reference point for cloud computing standardization and which provides an overall framework for the basic concepts and principles of a cloud computing system.

# Concepts

# User view of cloud computing

The user view addresses the following cloud computing concepts:

  • Cloud computing activities
  • Roles and sub-roles
  • Parties
  • Cloud services
  • Cloud deployment models
  • Cross-cutting aspects

# Cloud computing activities

A cloud computing activity is defined as a specified pursuit or set of tasks.

All cloud computing related activities can be categorized into three main groups:

  • Activities that use services
  • Activities that provide services
  • Activities that support services

# Roles and sub-roles

A role is a set of cloud computing activities that serve a common purpose.

In the CCRA, three roles have been defined:

  • Cloud service customer (CSC)
  • Cloud service provider (CSP)
  • Cloud service partner (CSN)

A sub-role is a subset of the cloud computing activities for a given role.

Different sub-roles can share the cloud computing activities associated with a given role.

Cloud Service Customer (CSC) Cloud Service Provider (CSP) Cloud Service Partner (CSN)
Cloud Service User Cloud Service Operations Manager Cloud Service Developer
Cloud Service Administrator Cloud Service Deployment Manager Cloud Auditor
Cloud Service Business Manager Cloud Service Manager Cloud Service Broker
Cloud Service Integrator Cloud Service Business Manager
Customer Support and Care Representative
Inter-cloud Provider
Cloud Service Security and Risk Manager
Network Provider

The cloud auditor is a sub-role of cloud service partner with the responsibility of conducting an audit of the provision and use of cloud services. A cloud audit typically covers operations, performance and security, and examines whether a specified set of audit criteria are met. There are a variety of specifications for the audit criteria, for example, ISO/IEC 27002 addresses security considerations.

The CSC:cloud service administrator is a sub-role of cloud service customer, whose main goal is to ensure the smooth operation of the customer's use of cloud services, and that those cloud services are running well with the customer's existing ICT systems and applications. The CSC:cloud service administrator oversees all the operational processes relating to the use of cloud services and acts as the focal point for technical communications between the cloud service customer and the cloud service provider.

The cloud service broker is a sub-role of cloud service partner that negotiates relationships between cloud service customers and cloud service providers. The cloud service broker is not itself a cloud service provider and should not be confused with the role of inter-cloud provider (see clause 8.3.1.6). The cloud service broker role could be combined with or operate independently of the role of inter-cloud provider.

The CSC:cloud service business manager is a sub-role of cloud service customer which aims to meet the business goals of the cloud service customer through the acquisition and use of cloud services in a cost efficient way. The main responsibilities of the CSC:cloud service business manager concern financial and legal aspects of the use of cloud services, including approval, on-going ownership and accountability.

The CSP:cloud service business manager is a sub-role of cloud service provider which has overall responsibility for the business aspects of offering cloud services to cloud service customers. The CSP:cloud service business manager creates and tracks the business plan, defines the service offering strategy and manages the business relationship with cloud service customers.

A cloud service customer (CSC) has a business relationship with a cloud service provider for the purpose of using cloud services. A cloud service customer can also have a business relationship with a cloud service partner for a variety of purposes.

The CSP:cloud service deployment manager is a sub-role of cloud service provider which has responsibility for the planning of the deployment of a service into production. This includes defining the operational environment for the service, the initial steps for deployment of the service and its dependencies, and the enablement of operations processes which are used during the running of the service.

The cloud service developer is a sub-role of cloud service partner which is responsible for designing, developing, testing and maintaining the implementation of a cloud service. This can involve composing the service implementation from existing service implementations.

The CSC:cloud service integrator is a sub-role of cloud service customer which is responsible for the integration of cloud services with a cloud service customer's existing ICT systems, including application function and data.

The CSP:cloud service manager is a sub-role of cloud service provider which has responsibility for ensuring that the cloud service provider's services are available for use by cloud service customers, and that they function correctly and comply with targets specified in the service level agreement. The CSP:cloud service manager is also responsible for ensuring the smooth operation of the cloud service provider's business support system and operational support system, as well as the operation of the other functionalities offered to the cloud service customers and cloud service partners for management, administration and other cloud computing activities.

The CSP:cloud service operations manager is a sub-role of cloud service provider which is responsible for performing all operational processes and procedures of the cloud service provider, ensuring that all services and associated infrastructure meet operational targets.

A cloud service partner (CSN) is a party which is engaged in support of, or auxiliary to, activities of either the cloud service provider or the cloud service customer, or both. A cloud service partner's cloud computing activities vary depending on the type of partner and their relationship with the cloud service provider and the cloud service customer.

A cloud service provider (CSP) makes cloud services available to cloud service customers. This role (and all of its sub-roles) focuses on the cloud computing activities necessary to provide a cloud service and the cloud computing activities necessary to ensure its delivery to the cloud service customer, as well as cloud service maintenance. The cloud service provider is responsible for dealing with the business relationship with cloud service customers.

The CSP:cloud service security and risk manager is a sub-role of cloud service provider which has the responsibility of ensuring that the cloud service provider appropriately manages the risks associated with the development, delivery, use and support of cloud services. This includes ensuring that the information security policies of the cloud service customer and the cloud service provider are aligned and meet the security requirements stated in the SLA.

The CSC:cloud service user is a sub-role of cloud service customer corresponding to a natural person or an entity acting on their behalf, associated with a cloud service customer that uses cloud services.

The CSP:customer support and care representative is a sub-role of cloud service provider that is the main interface for the cloud service customer with the cloud service provider and is responsible for reacting to customer issues and queries in a timely and cost efficient way, with the goal of maintaining customer satisfaction with the cloud service provider and the cloud services offered.

The CSP:inter-cloud provider is a sub-role of cloud service provider that relies on one or more peer cloud service providers to provide part or all of the cloud services offered to cloud service customers by that CSP:inter-cloud provider. The CSP:inter-cloud provider's main activities are the intermediation, aggregation, arbitrage, peering or federation of peer cloud service providers' cloud services and their business and administration capabilities from the cloud service customer viewpoint so that the cloud service customer only uses the service, business and administration interfaces of the inter-cloud service provider.

The CSP:network provider is a sub-role of cloud service provider which is to provide network connectivity and network services for the cloud service customer, cloud service partner and cloud service provider. The CSP:network provider may provide network connectivity between systems within the cloud service provider's data centre, or provide network connectivity between the cloud service provider's systems and systems outside the provider's data centre, for example, cloud service customer systems or systems belonging to other cloud service providers.

# Parties

A party is a natural person or legal person, whether or not incorporated, or a group of either. Parties in a cloud computing system are its stakeholders.

A party can assume more than one role at any given point in time and can engage in a specific subset of activities of that role. Examples of parties include, but are not limited to, large corporations, small and medium sized enterprises, government departments, academic institutions and private citizens.

# Cloud services

Cloud services are the essential elements of cloud computing.

Cloud services can be described in terms of the cloud capabilities types which they offer, based on the resources provided by the cloud service. There are three cloud capabilities types:

  • Application capabilities type
  • Platform capabilities type
  • Infrastructure capabilities type

Cloud services are also grouped into categories, where each category is a group of cloud services that possess a common set of qualities. The services in these categories can include capabilities from one or more of the cloud capabilities types above.

Representative cloud service categories include:

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
  • Network as a Service (NaaS)

# Cloud deployment models

Cloud deployment models are a way in which cloud computing can be organized based on the control and sharing of physical or virtual resources.

The cloud deployment models include:

  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud

# Cross-cutting aspects

Cross-cutting aspects are behaviours or capabilities which need to be coordinated across roles and implemented consistently in a cloud computing system.

Cross-cutting aspects can be shared and can impact multiple roles, cloud computing activities and functional components.

Cross-cutting aspects of cloud computing include:

  • Auditability
  • Availability
  • Governance
  • Interoperability
  • Maintenance and versioning
  • Performance
  • Portability
  • Protection of personally identifiable information (PII)
  • Regulatory
  • Resiliency
  • Reversibility
  • Security
  • Service levels and service level agreement

Auditability is the capability of collecting and making available necessary evidential information related to the operation and use of a cloud service, for the purpose of conducting an audit.

Availability is the property of being accessible and usable upon demand by an authorized entity. The "authorized entity" is typically a cloud service customer.

Governance is the system by which the provision and use of cloud services are directed and controlled.

Interoperability in the context of cloud computing includes the ability of a cloud service customer to interact with a cloud service and exchange information according to a prescribed method and obtain predictable results.

Interoperability also includes the ability for one cloud service to work with other cloud services, either through a CSP:inter-cloud provider relationship, or where a cloud service customer uses multiple different cloud services in some form of composition to achieve their business goals.

Maintenance can take place for a variety of reasons, including the need to fix faults and also the need to upgrade or extend facilities for business reasons. Maintenance actions can have the effect of changing the behaviour of cloud services – in particular changes can affect how a service operates when used by a customer.

Maintenance practices should be documented in the SLA for the cloud services and should include the capability for the customer to report problems and request fixes and also a mechanism for the cloud service provider to notify the customer of pending maintenance changes and their schedule.

Versioning is the appropriate labelling of a service (or of components of a service, such as the operating system level used in an IaaS service), so that it is clear to the customer that a particular version is in use. It is important that the service be given a new version label when maintenance of a cloud service occurs.

Performance includes a set of non-functional facets relating to the operation of a cloud service such as:

  • availability of the service;
  • response time to complete service requests;
  • transaction rate at which service requests are executed;
  • latency for service requests;
  • data throughput rate (input and output);
  • number of concurrent service requests (scalability);
  • capacity of data storage;
  • (for IaaS and PaaS) the number of concurrent execution threads available to an application;
  • (for IaaS and PaaS) the amount of memory (RAM) available to the running;
  • data centre network IP address pool and/or VLAN range capacity.

Portability is significant in cloud computing since prospective cloud service customers are interested in avoiding lock-in when they choose to use cloud services. Cloud service customers need to know that they can move cloud service customer data or their applications between multiple cloud service providers at low cost and with minimal disruption. The amount of cost and disruption that is acceptable can vary based upon the type of cloud service that is being used.

Cloud service providers should protect the assured, proper and consistent collection, processing, communication, use and disposition of personally identifiable information (PII) in relation to cloud services.

Resiliency is the ability of a system to provide and maintain an acceptable level of service in the face of faults (unintentional, intentional or naturally caused) affecting normal operation.

Reversibility is a term which applies to the process for cloud service customers to retrieve their cloud service customer data and application artefacts and for the cloud service provider to delete all cloud service customer data, as well as contractually specified cloud service derived data after an agreed period. The principle is the "right to be forgotten", in that the cloud service customer has a right to expect that once they indicate to the cloud service provider that their use of the service(s) will cease, there will be an orderly process for the cloud service customer to retrieve cloud service customer data and their application artefacts and that the cloud service provider will delete all copies and not retain any materials belonging to the cloud service customer after an agreed period.

It is critical to recognize that security is a cross-cutting aspect of the architecture that spans across all views of the reference model, ranging from physical security to application security. Therefore, security in cloud computing architecture is not solely a cross-cutting aspect under the control of cloud service providers, but also affects cloud service customers, cloud service partners and their sub-roles.

Service level agreements are important components of cloud computing governance and represent measurable elements needed to assure an agreed upon quality of service between a cloud service customer and a cloud service provider.

# Functional view of cloud computing

The functional view is a technology-neutral view of the functions necessary to form a cloud computing system. The functional view describes the distribution of functions necessary for the support of cloud computing activities.

# Noteworthy

  • ISO/IEC 17789 specifies the cloud computing reference architecture (CCRA). The reference architecture includes the cloud computing roles, cloud computing activities, and the cloud computing functional components and their relationships.

# Sources