2024-03-02
The NIST Definition of Cloud Computing Korean Version

NIST, the National Institute of Standards and Technology, is an agency within the U.S. Department of Commerce that sets all forms of measurable standards in the U.S. It also works on standardization in IT.

In 2011, NIST came up with a definition for cloud computing. "The NIST Definition of Cloud Computing" published by NIST is still used today as a source for defining cloud computing, and NIST's definition of cloud is still valid.

"The NIST Definition of Cloud Computing" is a short two-chapter document, but it is a must-read, whether in English or Korean, as it defines the characteristics and business organization of the cloud.

If you prefer to read it in English, you can download the original PDF below.

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf

Below is a Korean translation of the document, prepared by WhaTap Labs for readers of this article. (The only obligation attached to NIST documents is attribution of the authors.)


Computer Systems Technical Reports

The Information Technology Laboratory (ITL) of the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the nation's metrology and standards infrastructure. ITL develops tests, test methods, reference data, proofs of concept, and technical analysis methods to improve development and production using information technology. ITL's responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of unclassified but sensitive information provided by federal computer systems. This Special Publication 800 series reports on ITL's research, guidance, and outreach efforts to government, industry, and academic institutions in the field of computer security.

National Institute of Standards and Technology (NIST) Special Publication 800-145 Page 7 (September 2011)

Commercial elements, equipment, and apparatus may be represented in the document to accurately describe experimental procedures or concepts. These representations do not constitute a recommendation or endorsement by the National Institute of Standards and Technology, nor do they imply that the elements, equipment, or apparatus are the best available for their intended use.

Acknowledgments

The authors, Peter Mell and Timothy Grance, would like to thank the many experts in industry and government who contributed their thoughts to the creation and review of the definition at the National Institute of Standards and Technology (NIST). We are especially grateful to Murugiah Souppaya, Lee Badger, and Wayne Jansen of Booz Allen Hamilton for their advice and technical insights that helped shape the results.

Errata

The following changes were incorporated into Special Publication 800-145 on the dates specified in the table.

| Date | Form | History | Page Numbers |
|---|---|---|---|
| April 27, 2017 | Editorial | Page number corrected from "2" to "1" | 1 |

1. Introduction

1.1 Authority

The National Institute of Standards and Technology (NIST) created this document to further its statutory responsibilities under the Federal Information Security Management Act of 2002 (FISMA), as authorized by Public Law 107-347.

NIST is responsible for developing standards and guidelines, including minimum requirements, to provide adequate information security for all agency operations and assets; however, such standards and guidelines do not apply to national security systems. This guidance is consistent with the requirements of Office of Management and Budget (OMB) Circular A-130, Section 8b(3) "Securing Agency Information Systems," as analyzed in A-130 Appendix IV: Analysis of Key Sections. Supplemental information is provided in Appendix III to the A-130.

This guidance has been prepared for use by federal agencies. It is available for voluntary use by non-governmental organizations and is not subject to copyright, but authorship must be attributed.

This document is not contrary to standards and guidelines mandated by or belonging to any federal agency under the Attorney General, and these guidelines should not be construed to alter or supersede the existing authority of the Secretary of Commerce, the Director of OMB, or any other federal official.

1.2 Purpose and Scope

Cloud computing is an evolving paradigm. NIST's definition characterizes the important elements of cloud computing. It provides a means for broad comparison of cloud services and deployment strategies and establishes guiding principles for discussing what cloud computing is and how it should be used. Services and deployment models are categorized in a simple form that does not dictate or constrain you in any particular way, such as deployment, service delivery, or business opportunity.

1.3 Target

The intended target for this document is system planners, program managers, technologists, customers choosing cloud computing, or cloud service providers.

2. NIST Definition of Cloud Computing

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model consists of five essential characteristics, three service models, and four deployment models.

Key features:

  • On-demand self-service: Clients can independently provision computing capabilities, such as server time and network storage, on an as-needed basis, automatically and without the help of a service provider.
  • Broad network access: All capabilities are available over the network and are accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, workstations).
  • Resource pooling: A provider's computing resources are pooled to serve multiple customers using a multi-tenant model, with physical and virtualized resources dynamically allocated and reallocated based on customer requirements. The model is location-independent in that customers do not typically have control over or knowledge of the exact location of the resources they receive, but may be able to specify location at a higher level of abstraction (e.g., country, state, data center).
  • Rapid elasticity: Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly up or down in proportion to demand. To the user, the capabilities available for provisioning often appear to be unlimited and available at any given time.
  • Measured service: Cloud systems automatically control and optimize resources by leveraging a metering capability[1] at a level of abstraction appropriate to the type of service (e.g., storage, processing, bandwidth, and active user accounts). Resource usage can be monitored, controlled, and reported to provide transparency to both service users and providers.

Service model:

  • Software as a Service (SaaS): The capability offered to customers is the use of a provider's applications running on a cloud infrastructure[2]. Applications can be accessed from a variety of client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. Aside from personalized application configuration settings, consumers do not manage or control the underlying cloud infrastructure, including networks, servers, operating systems, storage, and even individual application features.
  • Platform as a Service (PaaS): The capability offered to consumers is to deploy onto the cloud infrastructure applications that they have created or acquired, written using programming languages, libraries, services, and tools supported by the provider[3]. Clients do not manage or control the underlying cloud infrastructure (including networks, servers, operating systems, storage, and even individual application functions), but they do control the deployment of applications and the configuration settings of the environment in which they are hosted.
  • Infrastructure as a Service (IaaS): The capability offered to consumers is to provision processing, storage, network, and other basic computing resources on which they can deploy and run software of their choice, such as operating systems and applications. Clients do not manage or control the underlying cloud infrastructure, but they do manage the operating systems, storage, and deployed applications, and have limited control over networking components (such as host firewalls).

Deployment models:

  • Private cloud: Cloud infrastructure is provided for the exclusive use of a single organization comprising multiple consumers (such as business units). The cloud infrastructure is owned, managed, and operated by the organization, a third party, or a combination of them, and can be located on or off premises.
  • Community cloud: Cloud infrastructure is provided for exclusive use by a specific community of consumers who share concerns (e.g., mission, security requirements, policies, and compliance considerations). Cloud infrastructure is owned, managed, and operated by an organization in the community, a third party, or a combination of them, and can be located on or off premises.
  • Public cloud: Cloud infrastructure is made available for open use by the general public. Cloud infrastructure is owned, managed, and operated by a business, educational, or public organization, or a combination of these. The cloud infrastructure is located on the cloud vendor's premises.
  • Hybrid cloud: It consists of two or more distinct cloud infrastructures (e.g., private, community, public) that retain their unique characteristics, but are bound together by standardized or proprietary technologies that allow data and applications to be portable (e.g., cloud bursting for load balancing between clouds).

[1] Typically, this is based on per-user or per-use billing.
[2] Cloud infrastructure is the collection of hardware and software that creates the five key characteristics of cloud computing. Cloud infrastructure can be seen to include both physical and abstract layers. The physical layer consists of the hardware resources needed to support the cloud services you are receiving and typically includes elements such as servers, storage, and networks. The abstract layer consists of the software deployed over the physical layer that best represents the core characteristics of the cloud. Conceptually, the abstract layer sits on top of the physical layer.
[3] These functions can also use compatible programming languages, libraries, services, and tools from other sources.