On cloud 9

What is cloud?

Call To Art — Nov 2019 by Celfocus Architecture Office

Celfocus Architecture Office's take on cloud:service models, deployment models,maturity levels and so much more.

Larry Ellison, Oracle’s CEO, once said that “The computer industry is the only industry that is more fashion-driven than women’s fashion” and, indeed, the computer industry has had its share of trendy technologies and paradigms. Amongst those, cloud computing has gained enough traction to be taken seriously by both customers and providers, having suffered a massive growth in the recent past.

By enabling OTT players, such as Netflix, Whatsapp, Skype, Facebook or Spotify, to have their go at some traditional telecom services, the cloud is now on every CSP’s radar although it is, sometimes, unclear what one’s referring to when talking about cloud.

Defining Cloud Computing

In today’s world, “Cloud” is not, by any means, an unfamiliar term even for those who don’t come from a technological background. Nearly everyone, nowadays, uses some sort of cloud service or uses services from a company heavily dependent on cloud technology (e.g. Dropbox, iCloud, Google Drive, Spotify, Netflix, Skype, WhatsApp). Nonetheless, despite seeing and hearing references to cloud computing almost every day, it’s likely that defining what cloud computing is can be a little more complicated.

There is one common reference, found on the internet, particularly amongst cloud sceptics (especially regarding data security/privacy) that says: “there is no cloud, it’s just someone else’s computer”. This definition is quite accurate.

Looking at some more elaborated definitions, Gartner defines cloud computing as “(…) a style of computing where massively scalable IT-related capabilities are provided as a service across the Internet to multiple external customers” while Forrester says it is “(…) A pool of abstracted, highly scalable, and managed infrastructure capable of hosting end-customer applications and billed by consumption” and Amazon, one of top players in this market, defines it as “the on-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the internet with pay-as-you-go pricing.”

Considering these definitions one can see that, although not the same, they share some common ground. In fact, they reference a set of characteristics that are considered the foundations for cloud computing.

US National Institute of Standards and Technology (NIST) defines 5 essential characteristics for cloud computing:

  1. On-demand self-service: the client must be able to self-provision resources without interaction with the service provider
  2. Broad network access: capabilities must be available over the network and be reachable by standard mechanisms via several different platforms (e.g. phones, tablets, laptops, workstations)
  3. Resource Pooling: must serve several customers (multi-tenant), with different resources dynamically allocated according to customer demand as well as foster location independence
  4. Rapid Elasticity: must have the ability to allocate (grow) or deallocate (shrink) with no impact for clients or applications
  5. Measured Service: resource usage must be monitorable, controllable and reportable allowing a pay-as-you-go pricing model


Despite several other aaS (as a service) delivery models that surfaced (Database – DbaaS, Logging – LaaS, Network – Naas, Communication – CaaS, etc.), the basic models of cloud computing can be narrowed down into three, each having its own scope: Software, Platform and Infrastructure.

  • IaaS (Infrastructure as a Service): With offers from top players like Amazon (AWS), VMWare (vCloud), OpenStack and Microsoft (Azure VM), the most basic form of cloud computing is also its foundation. IaaS provides the underlying infrastructure, provisioned and managed over the internet, and allows quick scale-up/down on-demand and to be paid by usage. This helps clients focus on platform and application management leaving infrastructure to the service provider.
  • PaaS (Platform as a Service): Is a complete development and deployment environment that allows the client to deliver applications, from simple web apps to complex enterprise applications. PaaS is designed to support the whole development lifecycle and abstract the underlying infrastructure. Players like Google (Google App Engine), Microsoft (Azure Cloud Services), Red Hat (OpenShift), and Cloud Foundry have PaaS offers.
  • SaaS (Software as a Service): Is the building and hosting of software, by 3rd party vendors, for clients to consume across the internet, being typically billed by level of service (usage, number of users, etc.). These services are already being used today and several players like Microsoft (Office 365), Google (Google apps) and Salesforce.com (Salesforce), are targeting this market

Different cloud service models offer different scopes of responsibility. This has a direct impact in what is managed by the service provider and what is managed by the client.


A cloud approach can be taken into consideration to address various requirements, covering numerous topics such as ownership, data protection, cost and accessibility. Deployment models define the scope and specify the boundaries for those topics.


With this type of deployment, infrastructure ownership and management belong to the cloud service provider.

This model is a true representation of cloud hosting in the sense that customers have no distinguishability or control over the location so, elasticity and scalability are done across all the supplier’s data centres (thus being virtually unlimited). This helps clients reduce costs by allowing them to “outsource” all the infrastructure and operational tasks and eliminate the need to invest and maintain their own datacentres. All this, while also optimizing investment by paying in proportion to resource usage.

However, public cloud poses two disadvantages that comes on top of the list of concerns when adopting cloud solutions:

  • Data protection regulation (e.g. GDPR): The absence of geographical restrictions might imply that a server hosting a given client’s business is located in an entirely different country, with completely different privacy regulations and security obligations.
  • Performance: since all the infrastructure is located remotely, performance might be affected due to latency and/or provider availability. Additionally, the internet service provider’s performance also must be considered.


The main goal of a private cloud is to overcome the privacy issues regarding data. They are typically (but not exclusively) deployed within the organization’s data centre, which means that location, management or ownership are not characteristics that define a private cloud.

This model allows clients to take advantage of some capabilities that are inherent to cloud models, like elastic scalability, provisioning automation and others, while also supressing some of the issues described above for public clouds. By having the infrastructure located in the client’s existing datacentre, it eliminates performance concerns and enables the enforcement of other security policies regarding data access and protection.

Still, private clouds have their own limitations. Although they help mitigate some valid and important concerns when located in the client’s data centre, some other issues might arise:

  • scalability might be limited (by the size of the data centre)
  • ownership and management will belong to the customer, which might not allow cost reduction
  • external data access is not as easy due to security measures (“access anywhere” is compromised)


This is a combination between private and public cloud that, although implemented independently, communicate with one another.

The main goal for using a hybrid cloud is to allow clients to have critical and sensitive data/ applications on a private infrastructure that is directly accessible (avoiding possible performance issues) and leverage resources from public cloud.

Yet, this kind of solution implies more cost, not only because of the investment that needs to be made for an on-premise private cloud but also because there is a possibility a hybrid approach will lead to different stack implementations. This might imply the necessary training to gather all the skill set to support them. Additionally, it can pose challenges regarding mission critical data and application integration.

Cloud Maturity

Not all apps are born for cloud. Cloud maturity represents the “compliance” stage that an app is in, when considering all the native capabilities a cloud architecture provides.

There are 3 main cloud maturity stages:

  • Non-cloud: Typical application designed to be deployed on an on-premise machine.
  • Cloud Ready: Cloud enabled applications are, typically, on-premise applications that have been redesigned to be deployable in a cloud architecture, but that do not take full advantage of all cloud features. Although they present capabilities such as resilience and the possibility to run in a virtualised/containerised infrastructure, which allows automated deployments, they are not optimized to take full advantage of underlying capabilities.
  • Cloud Native: Cloud native applications have been designed, from their core, with a cloud centric approach. Using the 12 factor app principles as a baseline (table below), they take into consideration not only some technological approaches (e.g. microservices architecture, designed for failure, API-first design) but also guarantee compliancy with the principles of multi-tenancy, elastic scaling and full continuous integration/delivery model.

The table below highlights the key differences between the two cloud maturity levels that have cloud applicability and are more difficult to distinguish between.