See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/329645064

Overview of Cloud Computing Standards

Conference Paper · November 2018

DOI: 10.1109/ICETA.2018.8572237

CITATIONS READS

0 149

3 authors:

Marek Moravcik Pavel Segeč

University of Žilina University of Žilina
19 PUBLICATIONS   20 CITATIONS    49 PUBLICATIONS   93 CITATIONS   

SEE PROFILE SEE PROFILE

Martin Kontsek
University of Žilina
8 PUBLICATIONS   2 CITATIONS   

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

M-REP IPFRR View project

Virtual network education tool View project

All content following this page was uploaded by Marek Moravcik on 28 December 2018.

The user has requested enhancement of the downloaded file.

 ICETA 2018 • 16th IEEE International Conference on Emerging eLearning Technologies and Applications • November 15-16, 2018, Starý Smokovec, The High Tatras, Slovakia
Overview of Cloud Computing standards
Marek Moravcik, Pavel Segec, Martin Kontsek
Faculty of Management Science and Informatics, University of Zilina, Univerzitna 8215/1, 010 26 Zilina,
e-mail: {marek.moravcik, pavel.segec, jozef.papan, jakub.hrabovsky}@fri.uniza.sk
Abstract—This paper deals with standardization in Cloud
Computing (CC). Cloud is being widely used, but is not standard-
ized yet. There are several organizations that try to standardize
basic functions of Cloud Computing, such as NIST or ITU-T.
In the first part, we made overview of standards dealing witch
basic definition of CC and deployment models. Next, there is list
of cloud services and types of roles in CC. In the last section,
there are reference architectures of CC.
Index Terms—Cloud computing, standards, IaaS
I. I NTRODUCTION
Cloud Computing (CC) is an information and communica-
tion system that offers a variety of on-demand services. The
term CC does not have a clear definition. Different organiza-
tions create their own specifications. Here are some examples:
according to [1] ”Cloud Computing offers IT resources and on-
demand applications available over the Internet using a pay-
as-you-go model.” The author states: ”No matter what you
choose, the environment has the following characteristics: it
is virtual, flexible and scalable, open (or closed), accessible,
safe, and available.” CC is specified by standardization orga-
nizations whose recommendations are the basis for study and
understanding CC system.
A. Standardization of CC
Cloud Computing is a relatively new IT industry and has
not yet been fully unified and standardized. Currently, there
are several standardization groups that try to unify the use of
CC environments from users and providers. By harmonizing,
we mean providing a unified approach to CC services across
different providers. A unified environment and access to it is
beneficial to both parties – both the user and the provider.
The user may not modify their applications when switching
between different CC providers, while the provider may find
it easier to get users who have chosen to leave the provider
for some reason. If a user has customized applications for
running in a CC environment, they do not have to change
them in any way, they simply move them to another provider
or use the services of the new provider alongside the services
of the current provider.
Standardization organizations can be divided into two
groups. The first group is organizations that deal with business
relationships between individual participants. As an example
of an organization that addresses business CC standardization,
we can mention the European Commission, which created two
clusters – the Cloud Select Industry Group (C-SIG) and the
European Commission Expert Group on Cloud Computing
Contracts. The European Commission’s C-SIG Group has two
395
working subgroups. The first is called the Cloud Select Indus-
try Group on Service Level Agreements (C-SIG SLA) and
deals with the standardization of SLAs between providers and
users. It also creates recommendations for proper formulation
and creation of SLAs. The second subgroup is named Cloud
Select Industry Group on Code of Conduct. It collaborates
with other organizations and creates and suggests behavior
policies for CC environments to offer unified services and keep
user data in privacy [2] [3] [15].
Next, it is the European Telecommunications Standards
Institute (ETSI), which created a working group called the
Cloud Standard Coordination Group. The task of this group
is to map the current state of the CC standards, especially in
the area of security, data interoperability and portability [4].
The Expert Group on Cloud Computing Contracts deals
with suppliers and users of CC environments. It’s task is
to explore existing contracts between users and providers, to
acquire best practices and to propose measures to protect CC
users [5]. The second group is the organizations dealing mainly
with the CC aspects of technology. We will highlight two
best-known standardization organizations, ITU-T and NIST.
Both of these organizations have issued standards dealing
with various aspects of CC systems. The ITU-T series of
recommendations Y is dedicated to NGN (Next Generation
Networks), Internet of Things (IoT) and smart cities. In the
ITU-T, CC is addressed with the Y.3500-Y.3999 Cloud Com-
puting recommendations, NIST SP 500 and SP 800. These CC
specifications are further elaborated.
B. What is CC
ITU-T in Y.3500 Recommendation [6] defines CC as a
paradigm that allows the network to access a set of shared
physical or virtual resources. These resources are scalable
and user-friendly. This paradigm is composed of key features,
user roles, deployment models, and cross-cutting aspects. In
NIST SP-500-291 [7], CC is defined as “Cloud Comput-
ing is a model that enables ubiquitous, practical, network-
accessible and on-demand computing resources (such as net-
works, servers, storage, applications and services) created with
minimal effort and without interaction with the provider of
these resources. This model is composed of five basic features,
three service models and four deployment models.” According
to the ITU-T and NIST definitions, the following are also
included under the Key Features, Service Models, Deployment
Models and CC Roles and Activities.
 ICETA 2018 • 16th IEEE International Conference on Emerging eLearning Technologies and Applications • November 15-16, 2018, Starý Smokovec, The High Tatras, Slovakia
C. Key characteristics according to NIST
• On-demand self-service. The user can use the computing
power provided by the CC as needed without the required
service from the CC service provider.
• Broad network access. Services are available over the net-
work using standardized access mechanisms across mul-
tiple clients (personal computer, mobile phone, tablet).
• Resource pooling. Provider resources are aggregated to
serve multiple users and are dynamically allocated where
they are currently needed. This feature also combines
some data independence when the user does not know
where his data is physically present.
• Scalability (Rapid elasticity). Sources can be dynamically
added and downloaded by users as needed, in some cases
automated. For the user, the sources appear to be infinite,
so the user can ask for others or release existing ones at
any time.
• Measured service. The CC environment and all its sources
should be measurable. The provider charges the service
to a user based on resource usage measurements.
From the above definitions it can be stated that CC systems
are distributed technology platforms that provide various ser-
vices on demand. Therefore, the successful implementation of
the CC system requires not only understanding of technology,
architectural layers and models, but also an understanding of
the economic and business factors that are within the CC
environment. In the following section, the work provides an
overview of CC models, basic types of services and entities
that are in most of the current CC environments.
II. D EPLOYMENT MODELS ACCORDING TO NIST
Depending on who can use the services of one CC environ-
ment, we divide CC systems to the private, public, community,
and hybrid CC systems. Both ITU-T (recommendation Y.3500
[6]) and NIST (recommendation SP 500-291 [8]) have the
same division.
A. Private cloud
According to the ITU-T Y. 3500, a private cloud is a
model that is used exclusively by one CC customer, who also
manages all of its resources. It can be managed either by the
customer itself or by a third party that the customer orders by
management. The customer can also grant access to their CC
environment to other users.
According to NIST SP 500-291, a private cloud is de-
fined as an infrastructure for use by one organization. This
infrastructure may be managed by the organization or a third
party. Such a model is suited to an organization with dynamic
and changing demands on computational resources. It is also
suitable for an organization that wants to benefit from CC but
also needs to have its data under control. This means own
storage within an organization that is under constant control
and monitoring, who and where it connects to the repository.
Private CC systems according to [9] provide the following
features and benefits:
396
• Security. While public CC environments offer a certain
level of security, within a private CC, an organization
can limit access not only to services but also to physical
resources of the service. Such a limitation can be secured
by the firewall, leased lines, or internal hosting.
• Absolute control. As the whole environment is in the
“hands” of one organization, it has a perfect overview
of the activities that are taking place within its CC
environment. In the event of a new requirement for a CC
environment, an organization can very quickly respond to
accomplish such a requirement.
• Savings and effectiveness. Using virtualization and CC,
it is possible to cover the IT needs of one organization
with several physical devices. We are not talking about
servers and storage sites, but also about backup resources
or active network elements. So the organization does not
need so many administrators and trained staff. However,
the greatest effectiveness can be seen in providing envi-
ronment and services to users on demand, as each depart-
ment of the organization may have different performance
requirements.
• Cloud bursting Cloud bursting is deploying an application
in a private CC environment that is specific to other
deployments in that if the application needs suddenly
greater computing power it is moved to the public CC
environment. Subsequently, the need for higher computa-
tional power is then moved back to the private environ-
ment. The benefit to the user is that the computing power
is paid to the service provider only when the applications
need it [10].
An organization planning to deploy private CCs currently
has a choice of multiple solutions available. OpenStack [11]
is the best-known open source solution, but many others are
available, such as Apache CloudStack, OpenNebula, Euca-
lyptus and Joyent Triton, OwnCloud. Proprietary private CC
solutions dominate Microsoft Azure and VMware vSpere,
XEN.
B. Community cloud
NIST, in SP 500-291, defines a community cloud as an
infrastructure that is used by a particular community (commu-
nity) with common interests. Like a private cloud, community
ownership can also be managed by a community or third party.
According to ITU-T Recommendation Y.3500, a community
cloud is defined as a deployment model where services are
shared among a community (community) community with
common requirements where the service is managed by at
least one member of that group. A community cloud can be
managed by a community, a third party, or a combination
of them. Unlike the public cloud, the community is reserved
exclusively for the community, while the public is available to
anyone.
Like a private cloud used by an organization or an individ-
ual, a community cloud uses a group or community to reach
a common goal. Under the community, we can understand
 ICETA 2018 • 16th IEEE International Conference on Emerging eLearning Technologies and Applications • November 15-16, 2018, Starý Smokovec, The High Tatras, Slovakia
several companies working on a joint project, or a group of
scientists addressing the same problem.
In community CC environments, it is important for users
to agree among themselves in advance who will manage the
whole environment, or who can do it when and how to use
it. According to NIST’s definition, in community CC environ-
ments, it is important who can access the environment, it is
not important where or how the entire CC system is deployed.
For example, community CC environments are referred to by
AWS GovCloud. This is a special, publicly-conceived space
in the Amazon CC environment that can only be used by the
government and governmental US institutions [1] [12].
A community CC system can be called a special type
of private CC system because more organizations use one
common CC system. For this reason, we do not mention
the specificities of community CC systems because they are
identical to private systems.
C. Public cloud
According to NIST SP 500-291, a public cloud is defined as
an infrastructure whose use is available to the general public.
It can be managed by a private organization, an academic
institution, a government institution, or a combination of them.
This infrastructure is located in the provider’s environment.
According to ITU-T Recommendation Y.3500, a public cloud
is defined as a deployment model whose services are available
to any customer. It can be managed by a private organization, a
government organization, an academic institution, or a combi-
nation of them. The entire public cloud environment is located
in the service provider’ environment. Access restrictions for
users are very free, sometimes they do not exist at all.
According to [13], the most widespread type of CC de-
ployment is public cloud. Users of the public CC can be
anyone with access to the Internet. Providers of public CC
environments for organizations are many, one of the largest
providers are Amazon Web Services (AWS), Google Cloud
Platform (GCP), Microsoft Azure, and smaller providers like
RackSpace, 1 & 1, DigitalOcean, Verizon, and so on. In
Slovakia, such a provider is, WebSupport. The public cloud is
suitable for individuals requiring different types of repositories
for their data. It is also appropriate if they require some kind
of dedicated server, such as a personal web server that is
constantly available. Organizations typically use public cloud
for IT outsourcing. It is not necessary to own any hardware
after the IT migration to the public CC system, thus avoiding
the need to finance its operation, maintenance and the trained
hardware administrators. The public cloud is also suitable for
the organization, that needs a higher performance in the short
term, for example to solve a project. It does not need to
buy additional own hardware that would later be superfluous.
Similarly to private CC systems, the specificities of public CC
systems could be summarized in several points [14]:
• Scalability. The user can dynamically change the size of
his infrastructure. If needed, it can add or remove active
elements to respond flexibly to their own requirements or
to their users’ requirements.
397
•Resource saving. The CC environment uses the “Pay-as-
you-go” model, which means that the user pays only for
the service he actually uses. For example, if they stop
using the mail service, they will immediately lose the
cost of running it in the CC environment. However, the
survey is most likely not to buy, operate and maintain its
own infrastructure and the staff needed to operate it.
• Reliability. Providers of CC environments take care of
backup and data security of their users. Typically, such
an environment is located in a data center where most
nodes are redundantly connected to a data network, as
well as to electrical energy, which are in the event of an
outage replaces the generators.
When using public CC services, it is necessary to take
the fact, that the user relies on the CC environment provider
and guarantees the functionality of the entire system. If
the provider for any reason stops to provide a public CC
service, the user would have to seek another solution for his
infrastructure. Another feature of public CC solutions is that
the user does not have his data under control. There may
also be important and sensitive data in CC storage where
inaccessibility or leakage may cause problems for the user.
D. Hybrid cloud
In its recommendation Y.3500, ITU-T defines a hybrid cloud
as a service model, consisting of at least two other models
(private, community, public). The deployment of these models
is unique, but they make up a single logical whole. A hybrid
cloud can be managed by an organization or a third party.
Hybrid CC systems represent a situation, where interaction
between different CC service deployments is needed, but these
services have different types of deployment. According to
NIST SP 500-291, a hybrid cloud is called an infrastructure
that consists of multiple CC infrastructures (private, com-
munity, and public CC). These infrastructures are deployed
independently but are also interconnected by technology that
enables data and application portability.
The hybrid cloud is a combination of some of the above
CC environments. It may be an organization using private CC
for its own purposes, with the excess of performance that it is
not able to leverage itself for the other entities. It can also be
a combination of different CC environments. For example, we
can mention an organization that uses private CC as its primary
infrastructure, and public CC for backup or testing of its own
products. According to the NIST definition, hybrid CC is any
combination of two or more CC environments (private, public,
and community) interconnected by technology that provides
application portability [1]. Since the hybrid CC system is a
combination of previous deployment models, it is not possible
to determine its specificity [16].
III. M ODELS OF CC SERVICES
The user can only use one particular application, or it can
be a set of applications that make up a specific platform, or
he can use the provider’s network infrastructure to operate
on his own environment. Based on what services and what
 ICETA 2018 • 16th IEEE International Conference on Emerging eLearning Technologies and Applications • November 15-16, 2018, Starý Smokovec, The High Tatras, Slovakia
the user can use, CC can be divided into several service
models. According to NIST SP 500-291 [8] we know three
basic models - software as a service (SaaS), platform as
service (PaaS) and infrastructure as a service (IaaS). In the
recommendation Y.3500 [6], the ITU-T has defined up to seven
categories. To three, like NIST, added communication, net-
working, computing performance and data storage as a service.
In the following section, we only discuss NIST categories,
which are also common with the ITU-T recommendation.
A. Software as a Service
In its recommendation Y.3500, ITU-T defines SaaS as a
service category where the user has an application available
from the provider. NIST has a more comprehensive definition
in SP 500-291 where SaaS is an application provided to a user,
which is available from different clients. An application user
does not manage CC infrastructure. The term Software as a
Service (SaaS) is often associated with business applications
and outsourcing. SaaS applications are typically charged in the
form of a user fee.
SaaS is the most visible part of the CC environment from
the end user’s perspective. To control such an application, the
user can use dedicated application, but more popular is using
the web interface. Benefit of the user interface is that he does
not have to install a client application for a user, but just a
web browser that is already standard on almost every device,
whether in business environments, homes, or personal devices.
The use of such a CC application is platform-independent,
available through every device connected to the Internet. For
example, we can mention Office 365 from Microsoft that offers
office-friendly services. Storage services such as Google Drive
from Google, Microsoft’s OneDrive, and Dropbox are also
very popular.
Another benefit to the user is that the entire application is
run by the provider. This means, that the user does not have
to worry about updating, backing up important data, and so
on. This is done by the application provider. Similarly, for
developers to apply an update or software repair, they just
apply it in a data center environment. Also, when testing an
application, it does not need to be tested on multiple platforms.
Some applications or computations can be challenging on
your computer hardware. Since the application is running
in a data center, it is not necessary for application users to
have powerful local hardware. The user uses simple hardware
needed just to connect to the SaaS data center, which will
bring significant savings to organizations.
Two main problems of running the application in CC
environments are security and availability. Some users may
have difficulty placing an application in the CC environment
if their company policy will not allow their data to be placed
outside the organization. Availability of data and applications
can be a problem if the user requires constant access to their
data. This can be a problem not only in the SaaS data center
itself, but also on the access road, as this center may be located
in a geographically remote area. Any error with the provider,
398
the user, or the transfer path prevents the user from accessing
his data and applications.
B. Platform as a Service
In recommendation Y.3500, ITU-T defines PaaS as a service
category where the user has a platform from the provider.
NIST, in SP 500-291 states, that PaaS is the ability to run
a custom application on the CC infrastructure, allowing cus-
tomers to use the programming languages, libraries, services,
and utilities provided by the provider. The customer does
not manage the infrastructure on which the application is
deployed, but at the same time it has full administrative access
to its application. Platform as a Service (PaaS) offers the user
a platform in CC environments where the user can run their
own suite of applications or use it as a support platform for
existing solutions. According to NIST’s recommendation, the
user can develop and run their own applications on this CC
platform.
In the role of a support platform, we most often encounter
databases that are running in CC. Whether it is a relational
SQL (Structured Query Language) or a noSQL database,
the PaaS service provides a user with the benefit of simply
replicating and backing up the entire database or its parts [17].
Because the provider leaves users free of applications, they
usually protect them in some way. Such cases include an
event, when a user application requires an increasing number
of resources (CPU, RAM, HDD, . . . ), thereby disabling the
functionality of not only other virtual user applications, but
also the functionality of the physical device on which the
virtual applications are launched. Providers often restrict their
users by using the quotas. Quotas are upper limitations of the
computing resources (CPU, RAM, HDD) that can be used by
individual users and agreed by the provider with the user when
establishing a CC contract.
C. Infrastructure as a Service
In recommendation SP 500-291, NIST defines IaaS as
an option for the user to create basic computing resources
(computing power, storage, networking, . . . ). The user does
not manage the physical infrastructure on which the computing
resources are running but has control of everything, that runs
on it. The ITU-T in Y.3500 recommends defining IaaS as a
service category where the user has the infrastructure available
from the provider.
Infrastructure as a Service (IaaS) is designed for more
experienced users because it requires knowledge of operating
system administration. With this type of service, the user com-
pletely manages the entire IT infrastructure itself, starting with
servers with their OS, through databases to network elements
or networking of components. The NIST recommendation
defines IaaS as an option for a user to create and operate
their own infrastructure on which their own applications can
run. The user has basic computational resources (computing
power, storage, and network) over which he has administrative
control. The ITU-T Recommendation Y.3500 is more stream-
 ICETA 2018 • 16th IEEE International Conference on Emerging eLearning Technologies and Applications • November 15-16, 2018, Starý Smokovec, The High Tatras, Slovakia
lined in the definition, but only says that the infrastructure is
available from the Infrastructure provider.
SaaS, PaaS and IaaS are the three basic distributions of
the CC service model. At present, however, new and new CC
service models are being created by providers to users. For
example, domain name translations - DNSaaS (Domain Name
System as a Service), firewall - FWaaS (Firewall as a Service)
or LBaaS (Load Balancer as a Service). In general, we can
summarize all these services with the unified ”Anything as a
Service” – XaaS, or EaaS (Everything as a Service).
IV. ROLES IN CC
The ITU-T, in its recommendation Y.3500 [6] defined three
roles in which the participants take part - the provider, the
user and the partner. The provider provides the user with
the service he manages. In addition to offering a service,
he also deploys, updates, monitors, and so on. The user is
in a business relationship with the provider from whom he
withdraws the service. Cloud partner is a complementary role
whose activities vary depending on the relationship with the
provider or the customer.
NIST in SP 500-292 [7] defines up to five different roles. As
well as ITU-T, a cloud provider and user that are also defined.
However, NIST adds three more roles. It is a cloud auditor
who performs independent control over the services provided.
Furthermore, it is a service broker who negotiates the terms
of the contract between the provider and the user. The last
entity is a transmission provider that provides connectivity and
transport services from provider to user. In the next part we
will present the competences of two basic roles – the provider
and the user in the three basic deployment models according
to [18] and [19].
A. Roles in SaaS
The SaaS user only has an application interface that he has
ordered from the provider. As a result, the user does not have
the ability to manage the platform or operating system on
which the application is running. The user has access to the
application only, with user rights only. He can only use appli-
cation - upload data, modify data, and save it. He has no access
to updates or modify an application. The CC environment
provider has full control over the hardware, operating system,
and middleware over which the application runs. Above the
application, the administrator has an administrator control, for
example, it can update or add expansion modules to it.
B. Roles in PaaS
Unlike SaaS, the user is gained access to a middleware,
where he runs his own application and has full access to it.
The provider continues to have full access to hardware and
operating systems and administrator access to middleware.
Has can update, expand, and maintain it.The provider has no
control of the application, it is under full management of the
user. From a user’s viewpoint, the platform can be a part of
its application. Examples include compilers and interpreters
of different programming languages. Whether it is Java (JVM
399
- Java Virtual Machine), .NET or Python, the user gets user
access to the language interpreter in which they can run their
own code. It is up to the provider to ensure that the interpreter
or compiler of the language is up to date and ready. The user is
fully responsible for the applications running on the provided
platform.
C. Roles in IaaS
The environment provider has no control over the user’s
devices. Provider can create, run, disable, scale, or delete
user’s devices. But he has no access to them. The provider is
responsible for the functionality of the hardware and hypervi-
sors that are virtualized. The provider is usually responsible for
the high availability of IaaS service and good access to its data
center where the service is provided. The user is responsible
for the running of applications and the overall security of their
systems.
V. R EFERENCE ARCHITECTURES OF CC
Reference architectures of CC can be divided into two
groups. The first group defines role-based CC architectures.
The architectures are:
• DMTF Cloud Service Reference Architecture
• IBM Cloud Computing Reference Architecture
• NIST Cloud Computnig Reference Architecture
The second group consists of layer-based architectures. In
these architectures, activities are mapped into layers that work
together. Among these architectures we can include:
• CISCO Cloud Reference Architecture Framework
• IEFT Cloud Reference Framework
• ITU-T Reference Architecture
In the following section, we describe two architectures of CC
systems, a role-based (NIST) and a layer-based (ITU-T).
A. Reference architecture according to NIST
Figure 1 shows the CC reference architecture according to
NIST [7], which defines the main roles, their activities and
functions in the CC. The figure expresses general architecture
on a high level of abstraction. The meaning of the reference
architecture is that it facilitates understanding of the require-
ments, uses, characteristics and standards of CC systems.
The roles represent the logical position of the various
stakeholders within the CC environment, describe their roles
and responsibilities towards other actors. Brief definitions of
roles in CC according to NIST are in table I.
Not all roles are mandatory when using CC services, some
may also be merged or omitted [20] [7] [21] [22] [23].
B. Reference architecture according to ITU-T Y.3500
The ITU-T has created the Reference architecture of CC,
which was published in recommendations Y.3500 and Y.3502.
This architecture is composed of layers and cross-cutting
aspects that can not be assigned to one layer, but have a direct
impact on multiple layers. A layer is defined as a set of features
that provide similar functions or serve a similar purpose. The
recommendation defines four basic layers:
 ICETA 2018 • 16th IEEE International Conference on Emerging eLearning Technologies and Applications • November 15-16, 2018, Starý Smokovec, The High Tatras, Slovakia
Fig. 1. Reference architecture according to NIST
TABLE I
ROLE DEFINITIONS IN CC
Role Definition
Provider Entity that cares about the operation of the entire CC
environment that it offers to its users. They manage the
entire infrastructure and are responsible for the functionality
and flawlessness of the whole environment.
Consumer A person or organization using CC services. It agrees with
the provider in some form of use of its environment, which
is usually confirmed by the SLA document.
Auditor An auditor is an independent entity that can perform control
of CC environment.
Broker An intermediary is the entity that controls the use, delivery
of services, and the relationship between the consumer and
the service provider.
Carrier The Carrier entity is an interface that provides interconnec-
tion between other CC environments.
• The user layer contains components that support the use
and interaction of CC environments for CC users.
• The access layer provides access to the individual fea-
tures and components of the CC environment with its
components.
• The service layer contains components that offer CC
services; the components of this layer also provide the
management and automation of the accessories needed
to implement the services.
• The resource layer contains components and resources
needed to implement and operate CC systems.
Cross-cutting aspects can not be easily mapped into individual
layers because they interact with multiple layers.
C. Cross-cutting aspects of CC
The ITU-T Recommendation Y.3502 [24] defines cross-
cutting aspects in CC systems, which are the features of these
systems that should be implemented and coordinated at the
level of architectural views of the CC system. These aspects
affect CC systems in such a way that they can not be attributed
to specific roles. Key aspects include:
• Auditability. Ability to collect data and statistics on the
operation of the CC system that can be used to perform
independent controls.
400
• Availability. CC environment services should always be
available to authorized entities. These entities are usually
users of CC environments.
• Interoperability. In the CC context, it is the user’s ability
to interact and exchange information with the CC service.
Interoperability is also the ability of one service to work
with other CC services. The CC user should have a
standardized interface to communicate with multiple CC
providers.
• Maintenance and versioning. Maintenance is important
for the proper functioning of the service. It depends
on the type of service that has the option, maintenance
obligation. For SaaS, maintenance is performed by the
provider, at IaaS usually by a user. For CC services, the
user should know exactly which version he uses. Whether
it’s an office environment (SaaS) or a version of the
operating system (IaaS), different versions can have a
functional impact on the overall stability of the service.
• Performance. The performance aspect is defined as a
group of non-functional features of the CC service.
This includes, for example, a number of computational
resources, the response time and the overall delay for the
requirements, or the data throughput through the active
network elements.
• Portability. The portability aspect is often required in
the CC because users are interested in the possibility of
migrating their data and applications between different
providers at the lowest cost and downtime. For a SaaS
service, the user should be able to move all his data,
while in the IaaS service, there are also images of virtual
machines that should perform an equivalent service with
another provider. In both cases, portability should also
provide the possibility of metadata that provide infor-
mation of the relationship between the components of
the application and the necessary infrastructure topology
(such as load balancer, firewall, etc.).
• Protection of personally identifiable information.
Providers should take care of the protection of personal
data. In CC, this task is more challenging because CC
systems often work as shared environments. In many
countries, such protection is regulated by laws.
• Resiliency. Resilience is the ability of the system to
provide at least part of the service even during certain
system failures.
• Reversibility. By this term, we could designate a process
in which the user takes back all his data, and at the same
time the provider removes all information, that has a
connection with the user either at the request from the
user or after a certain period of time. This principle is
sometimes called “the right to be forgotten”.
• Security. Security covers areas ranging from physical se-
curity to data security. Techniques such as authentication,
authorization, confidentiality, monitoring, or management
of security policies are used.
• Service level agreement. SLA is an agreement between
the provider and the user of the CC service. SLA char-
 ICETA 2018 • 16th IEEE International Conference on Emerging eLearning Technologies and Applications • November 15-16, 2018, Starý Smokovec, The High Tatras, Slovakia

acterizes the quality of CC services usually in technical
parameters, such as time of service outage, and so on.
VI. C ONCLUSION
From the overview in this paper, we can say, that basic func-
tions of Cloud computing, such as development models and
basic services are well documented. Mainly ITU-T and NIST
released several documents, that are describing basic functions
and setups of Cloud in either private and public usage, that
are in other papers used as base standards for next work.
More advanced features of clouds, such as interoperability,
portability, protection of personally identifiable information or
security in general are not standardized yet. Most of these
features are summarized as cross-cutting aspects in ITU-T
Y.3502 recommendation.
On the other hand, there are attempts to standardize these
aspects, such as standard ISO/IEC 19941:2017 [25], that deals
with interoperability and portability of CC systems. In our
opinion, this is necessary next work to standardize these as-
pects for massive expansion of cloud services and development
of applications, that tends to run in cloud environments.
[15] P. Fecilak et al. “Dynamic Reconfigurable Network Modeled by Network
Calculus” in: Journal of information, control and management systems,
vol. 8, issue 4, ISSN 1336-1716, pp. 285-292, 2010.
[16] “What is a Hybrid Cloud?,” http://www.interoute.com/cloud-
article/what-hybrid-cloud. 2018.
[17] M. Boniface a et.al, “Platform-as-a-Service Architecture for Real-time
Quality of Service Management in Clouds,” rev. Fifth International
Conference on Internet and Web Applications and Services, 2010.
[18] L. Youseff, M. Butrico a D. Da Silva, “Toward a unified ontology of
cloud computing,” Grid Computing Environments (GCE) Workshop, pp.
1-10, 2008.
[19] A. Benlian a T. Hess, “Opportunities and risks of software-as-a-service:
Findings from a survey of IT executives,” Decision Support Systems,
vol. 52, pp. 232-246, 2011.
[20] S. Hopko, Problematika Cloud computing a jeho vyuitia v rieen pre
potreby KIS, ilina, 2015.
[21] R. L. Krutz and R. D. Vines, Cloud Security: A Comprehensive Guide
to Secure Cloud Computing, Wiley Publishing, Inc., 2010.
[22] R. Dimpi and R. R. K., “A Comparative Study of SaaS, PaaS and IaaS
in Cloud Computing,” International Journal of Advanced Research in
Computer Science and Software Engineering, vol. 4, pp. 458-461, 2014.
[23] Roadmap Working Group, “NIST Cloud Computing Standards
Roadmap,”, http://www.cloudwatchhub.eu/sites/default/files/NIST Cloud-
Standards-Roadmap v2.pdf. 2013.
[24] ITU-T, “Y.3502 Reference architecture,”, https://www.itu.int/rec/T-REC-
Y.3502-201408-I/en. August 2014.
[25] ISO, “ISO/IEC 19941,”, https://www.iso.org/standard/66639.html. 2017.

ACKNOWLEDGMENT
This paper is supported by Faculty of management and
information science of University of Zilina, funded by research
grant numbers FVG/6/2018, FVG/37/2018 and project KEGA
011STU-4/2017.

R EFERENCES
[1] G. A. A. Santana, CCNA Cloud, Cisco Press, 2016, p. 609.
[2] European Commission, “Cloud Select Industry Group on Service Level
Agreements,” https://ec.europa.eu/digital-single-market/en/cloud-select-
industry-group-service-level-agreements, 2018.
[3] European Commission, “Cloud Select Industry Group on Code
of Conduct,” https://ec.europa.eu/digital-single-market/en/cloud-select-
industry-group-code-conduct, September 2018.
[4] European Telecommunications Standards Institute, “Cloud Standards
Coordination,” http://csc.etsi.org/, September 2018.
[5] European Commission, “Expert Group on Cloud Computing
Contracts,” http://ec.europa.eu/justice/contract/cloud-computing/expert-
group/index en.htm, September 2018.
[6] ITU-T, “Y.3500 Overview and vocabulary,” August 2014.
https://www.itu.int/rec/T-REC-Y.3500-201408-I, September 2018.
[7] F. Liu et.al., “NIST Cloud Computing Reference Architecture,
SP-500-292,”, https://www.nist.gov/publications/nist-cloud-computing-
reference-architecture, September 2011.
[8] Roadmap Working Group, “NIST Cloud Comput-
ing Standards Roadmap, SP 500-291 version 2,”,
http://www.cloudwatchhub.eu/sites/default/files/NIST Cloud-Standards-
Roadmap v2.pdf, 2013.
[9] “What is a Private Cloud?,” http://www.interoute.com/cloud-
article/what-private-cloud, September 2018.
[10] TechTarget, “Cloud Bursting,” Aprl 2017.
http://searchcloudcomputing.techtarget.com/definition/cloud-bursting,
September 2018.
[11] “OpenStack Project,” https://www.openstack.org/, 2018.
[12] Amazon AWS, “What Is AWS GovCloud (US)?,”
http://docs.aws.amazon.com/govcloud-us/latest/UserGuide/whatis.html
2018.
[13] RightScale, “State of the cloud report,”,
http://assets.rightscale.com/uploads/pdfs/RightScale-2017-State-of-
the-Cloud-Report.pdf 2017
[14] “What is a Public Cloud?,” http://www.interoute.com/cloud-article/what-
public-cloud. 2018.

401
 ICETA 2018 • 16th IEEE International Conference on Emerging eLearning Technologies and Applications • November 15-16, 2018, Starý Smokovec, The High Tatras, Slovakia

402

View publication stats