Relating the NIST Definition of Cloud Computing to ERP

EphraimCohen
Posted by EphraimCohen

The “NIST (US National Institute of Standards and Technology) published a roadmap in July 2011 that includes the definition of cloud computing published by NIST in January 2011.

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to
a shared pool of configurable computing resources (e.g., networks, servers, storage,
applications, and services) that can be rapidly provisioned and released with minimal
management effort or service provider interaction. This cloud model promotes availability and
is composed of five essential characteristics, three service models, and four deployment
models.

This post will relate the essential characteristics, service models, and deployment models specified by NIST for general cloud computing to the more specific topic of Cloud ERP.

Relating the NIST Definition to Cloud ERP

The Five Essential Characteristics

  1. The first essential characteristic is the notion that a consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed without requiring human interaction with each service’s provider. Of all criteria in the NIST definition, this component is the most problematic since most ERP companies require a licensing and up-front payment to gain access to additional resources. In the case of ERP the value of the software is the major component of the service, so vendors have opted for a business model resembling software more than services. The ability to meet this definition exists from a technical standpoint, but vendor business models do not meet the strict requirements the definition.
  2. The second essential characteristic explains that broad network access is required through heterogeneous thin or thick client platforms. This definition eliminates the possibility of hosting legacy client-server solutions and calling them “cloud” as we discussed in a post on cloud ERP versus hosted ERP software – a much needed industry clarification.
  3. The third essential characteristic explains that resource pooling is required and cites examples of storage, bandwidth processing, memory, network bandwidth, and virtual machines. This definition emphasizes a multi-tenant architecture, but protects the idea that Cloud ERP may require customized application code for different customers. Thus, we can conclude that ERP still can be considered “cloud” if composed of multi-tenant hardware and operating systems running unique application code.
  4. The fourth essential characteristic addresses rapid elasticity (or scaling) of resources. By definition, this can happen on demand and may happen automatically. As with the first characteristic (on-demand self service), this can be problematic with Cloud ERP – not because of vendor capabilities, but because of financial models.
  5. The fifth essential characteristic explains that service resources can be measured. Resources can include storage, processing, bandwidth, and active user accounts. All Cloud ERP vendors support this capability.

Service Models

The NIST definition cites three service models (SaaS – software as a service, PaaS – platform as a service, IaaS – infrastructure as a service) offered by cloud service providers. See ERP Cloud News article for info on PaaS / IaaS.

Most Cloud ERP providers offer SaaS since the application software is the most critical component of a Cloud ERP offering. SaaS allows the vendor to control software upgrades and offer customers an all-inclusive service. Some of the more flexible Cloud ERP vendors allow customers to purchase a software license and deploy PaaS where they “have control over the deployed applications” or IaaS where they “have control over operating systems, storage, deployed applications.” All of these options are consistent with the NIST definition.

Deployment Models

The NIST definition cites four deployment models.

  1. Private Cloud. Some flexible Cloud ERP vendors offer customers the ability to run the application code on their own infrastructure. The infrastructure can be run on premise of off premise.
  2. Community Cloud. Rarely used in Cloud ERP, this model involves several organizations sharing and supporting a single cloud infrastructure.
  3. Public Cloud. The most frequently used Cloud ERP model. The definition supports a community or a single organization owning the cloud infrastructure and offering or selling cloud services to the general public. In the case of Cloud ERP, it’s usually a single organization/vendor that sells services.
  4. Hybrid Cloud. This involves utilizing two or more types of clouds that remain unique entities but are bound together by standardized or proprietary technology. Although rare in Cloud ERP, some customers back up their Public Cloud data to a Private Cloud.

Summary

The good news is that Cloud ERP fits the guidelines established by NIST for the definition of a Cloud Service. Further, the definition and explanations eliminate some services that vendors have inappropriately called “cloud” by stretching the definition of cloud for marketing purposes. The service and deployment models also align with the way Cloud ERP vendors offer service.

With Cloud ERP, the application software is a critical component of the service – and frequently the most expensive component of service. This causes the Cloud ERP business model to be at odds with the NIST definition in the areas of on-demand self services and rapid elasticity. Technologically, the Cloud ERP services fit the definition, but the business model that requires paying up-front for software doesn’t align with the pay-as-you-go requirement suggested by the definition.

Tags: