If someone asks you whether SAS runs in the cloud, there are exactly two wrong answers: "yes" and "no". Instead, this question should spark a discussion. It should be a discussion about which of the five characteristics of cloud computing they are interested in. The answers will point you in one direction or another.
If you have seen any SAS presentations about the cloud, you probably have seen this diagram. This terminology comes to us from the National Institute of Standards and Technology, and more precisely, from The NIST Definition of Cloud that has been adopted by SAS.
“Why do we need definitions and standards?,” some of you may ask. If ever there was a term loaded with hype and misunderstanding, it is “cloud”. The NIST provides us with a common language to talk about it.
In today’s installment of this three-part series, I will discuss the five essential characteristics of cloud computing from NIST, and try to illustrate them with simple examples applied to situations most would be familiar with.
On-demand self-service
“A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.”
Do you remember that day long ago when you signed up for your first online e-mail account? (mine was "Hotmail", back in 1999). Did you have to talk to an employee of the e-mail provider to obtain the account? No, you did not. (Ok, if you did, then you probably have an older account than mine!). That’s the idea we are getting at here. This does not apply not just to services, like e-mail, but also to the raw computing resources that underpin software solutions: servers, CPU, databases, etc…
Broad network access
“Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations ).”
To stay with my e-mail analogy, I can access my e-mail account from anywhere in the world, using any computer or using a smart phone, tablet or mobile device. I can walk into a cyber café in New Zealand and quickly access those resources. That’s what broad network access means: any device, anywhere.
Resource pooling
“The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.”
I am pretty sure that GMail does not hold my e-mails in a specific server in a specific location. They do not want to buy a new blade each time someone signs up. Instead, my data is likely scattered across many machines, and these machines also hold the e-mails of many others like me.
Sharing resources is what pooling is all about. Just like the carpool lane you may have used to come to the office this morning, it makes more sense to squeeze four people in a car, rather than to have four cars at 25% capacity each. Please tell your carpool buddies tomorrow that your car is now considered to be a “multi-tenant vehicle”. They’ll love it.
Rapid elasticity
“Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.”
In the era of binge-watching, Netflix knows that the releases of series like Orange Is The New Black or House of Cards will mean a huge upsurge in their viewership. Since all the Netflix content is delivered via Amazon Web Services, when the demand for shows grows, the quantity of Amazon resources used in the background grows as well. Then, as soon as everyone goes to bed after a 12-hour TV marathon and the demand drops, so does the supply.
Measured service
“Cloud systems automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.”
This one is an interesting concept because of its dual nature. On the one hand, Amazon will scale the services it offers Netflix simply because it is measuring the increasing demand and knows it will run out unless it does so. But on the other hand, it also measures exactly how much service it’s providing Netflix, so that it can be sure to send them a detailed (and likely quite large) monthly bill. In a way, very much like the electric companies do.
Parting words
Also, and this is only my personal opinion, standards are good. Well, I don’t necessarily agree with all standards, but I like that they exist. One can disagree with a standard. And reluctantly follow it anyways. Or deviate from a standard - given a good, justifiable reason.
In my mind, the opposite of a standard is a “free-for-all”. And that is never a good starting point for discussions.
Of course, I also share xkcd’s wariness against new standards.
Thoughts, comments, questions, better examples, disagreement on standards?
4 Comments
Pingback: Cloud: 4 deployment models - SAS Users
Pingback: Goldilocks and the three cloud service models - SAS Users
Very well that reference to niet. Just proceed with the hardening reference Unix, the related iso 27 ones going to the health area wit some more of the same. All part of data governance.
Being a pity that little is found back all that within a sas environment
Thank you for your kind words, Jaap.
Indeed, standards about security and hardening are also very interesting, whether in the cloud or not.
But in this particular series of post, I am only looking at the NIST definitions related to cloud computing.
And trying to express them in ways that are a less dry than the actual NIST definitions.
With that said, I don't doubt that the era of cloud will put a renewed emphasis on security concerns, and force improvements that will benefit both cloud and non-cloud environments.