For enquiries call:



Aage ki Socho

HomeBlogCloud ComputingCloud Computing Reference Model with Diagrams

Cloud Computing Reference Model with Diagrams

08th Sep, 2023
view count loader
Read it in
15 Mins
In this article
    Cloud Computing Reference Model with Diagrams

    The in-demand availability of computer system resources, particularly data storage and processing power, without the user’s direct involvement is known as cloud computing. Large clouds frequently distribute their services among several sites, each of which is a data center. To accomplish coherence, cloud computing depends on sharing resources. It often uses a "pay-as-you-go" approach, which can assist in reducing capital expenses but may also result in unforeseen running expenses for users. The hardware and software elements necessary for a cloud computing model's correct execution are included in the cloud infrastructure.  

    With the increased demand for Cloud Computing across the world, the definitions, structures, and use of cloud computing have increased. So, there will be different perspectives on using these services and various services that may differ from client to client or location. This is where cloud computing reference model comes in. The cloud reference model is an abstract model used to standardize the functions and parameters of cloud computing so that various cloud services and vendors across the world having different technologies can communicate with each other. Opt for online Cloud training courses and stay ahead. 

    What is Cloud Computing Reference Model? 

    The cloud computing reference model is an abstract model that divides a cloud computing environment into abstraction layers and cross-layer functions to characterize and standardize its functions. This reference model divides cloud computing activities and functions into three cross-layer functions and five logical layers.

    Each of these layers describes different things that might be present in a cloud computing environment, such as computing systems, networking, storage equipment, virtualization software, security measures, control and management software, and so forth. It also explains the connections between these organizations. The five layers are the Physical layer, virtual layer, control layer, service orchestration layer, and service layer. 

    Cloud Computing reference model is divided into 3 major service models:

    1. Software as a Service (SaaS) 
    2. Platform as a Service (PaaS) 
    3. Infrastructure as a Service (IaaS) 

    The below diagram explains the cloud computing reference model:

    Cloud Computing Reference Model Diagram

    Cloud Computing Reference Model Overview

    IaaS, PaaS, and SaaS are the three most prevalent cloud delivery models, and together they have been widely adopted and formalized. A cloud delivery service model is a specific, preconfigured combination of IT resources made available by a cloud service provider. But the functionality and degree of administrative control each of these three delivery types offer cloud users varies.

    These abstraction layers can also be considered a tiered architecture, where services from one layer can be combined with services from another, for example, SaaS can supply infrastructure to create services from a higher layer. Let us have a look at the layers of cloud computing reference model. 

    1. SaaS

    Software as a Service (SaaS) is a form of application delivery that relieves users of the burden of software maintenance while making development and testing easier for service providers.

    The cloud delivery model's top layer is where applications are located. End customers get access to the services this tier offers via web portals. Because online software services provide the same functionality as locally installed computer programs, consumers (users) are rapidly switching from them. Today, ILMS and other application software can be accessed via the web as a service.

    In terms of data access, collaboration, editing, storage, and document sharing, SaaS is unquestionably a crucial service. Email service in a web browser is the most well-known and widely used example of SaaS, but SaaS applications are becoming more cooperative and advanced.

    Features of SaaS are as follows: 

    • The cloud consumer has full control over all the cloud services. 
    • The provider has full control over software applications-based services. 
    • The cloud provider has partial control over the implementation of cloud services. 
    • The consumer has limited control over the implementation of these cloud services. 

    2. PaaS

    Platform as a Service is a strategy that offers a high level of abstraction to make a cloud readily programmable in addition to infrastructure-oriented clouds that offer basic compute and storage capabilities (PaaS). Developers can construct and deploy apps on a cloud platform without necessarily needing to know how many processors or how much memory their applications would use. A PaaS offering that provides a scalable environment for creating and hosting web applications is Google App Engine, for instance.

    Features of PaaS layer are as follows: 

    • The cloud provider has entire rights or control over the provision of cloud services to consumers. 
    • The cloud consumer has selective control based on the resources they need or have opted for on the application server, database, or middleware. 
    • Consumers get environments in which they can develop their applications or databases. These environments are usually very visual and very easy to use. 
    • Provides options for scalability and security of the user’s resources. 
    • Services to create workflows and websites. 
    • Services to connect users’ cloud platforms to other external platforms. 

    3. IaaS

    Infrastructure as a Service (IaaS) offers storage and computer resources that developers and IT organizations use to deliver custom/business solutions. IaaS delivers computer hardware (servers, networking technology, storage, and data center space) as a service. It may also include the delivery of OS and virtualization technology to manage the resources. Here, the more important point is that IaaS customers rent computing resources instead of buying and installing them in their data centers. The service is typically 

    paid for on a usage basis. The service may include dynamic scaling so that if the customers need more resources than expected, they can get them immediately. 

    The control of the IaaS layer is as follows: 

    • The consumer has full/partial control over the infrastructure of the cloud, servers, and databases. 
    • The consumer has control over the Virtual Machines' implementation and maintenance. 
    • The consumer has a choice of already installed VM machines with pre-installed Operating systems. 
    • The cloud provider has full control over the data centers and the other hardware involved in them. 
    • It has the ability to scale resources based on the usage of users. 
    • It can also copy data worldwide so that data can be accessed from anywhere in the world as soon as possible. 

    You can learn in-depth about these layers when you go for AWS certification Cloud Practitioner course.

    Types of Cloud Computing Reference Model

    There is various type of cloud computing reference model used based on different requirements of the consumers. The most important type of cloud computing reference model is the cloud reference model in cloud computing. The National Institute of Standards and Technology (NIST) is an organization designed by the US government (USG) agency for the adoption and development of cloud computing standards.  

    The principle of NIST Cloud computing reference architecture are: 

    1. Create a vendor-neutral architecture that adheres to the NIST standard. 
    2. Create a solution that does not inhibit innovation by establishing a required technological solution. 
    3. The NIST Cloud computing reference architecture provides characteristics like elasticity, self-service, the collaboration of resources, etc.  

    The service models involved in this architecture are: 

    1. Software as a Service (SaaS) 
    2. Platform as a Service (PaaS) 
    3. Infrastructure as a Service (IaaS) 

    NIST Cloud computing also has 4 deployment models, which are as follows: 

    1. Public

    This is the model where cloud infrastructure and resources are given to the public via a public network. These models are generally owned by companies that sell cloud services.

    2. Private

    This is the model where cloud infrastructure and resources are only accessible by the cloud consumer. These models are generally owned by cloud consumers themselves or a third party.

    3. Community

    This is the model where a group of cloud consumers might share their cloud infrastructure and resources as they may have the same goal and policies to be achieved. These models are owned by organizations or third-party.

    4. Hybrid

    This model consists of a mixture of different deployment models like public, private, or community. This helps in the exchange of data or applications between various models.

    Examples of Cloud Computing Reference Model Apart From NIST

    1. IBM Architecture 
    2. Oracle Architecture 
    3. HP Architecture 
    4. Cisco Reference Architecture 

    Major Actors of Cloud Computing Reference Model

    There are five major actors in NIST cloud computing reference architecture. They are: 

    1. Cloud Consumer 
    2. Cloud Provider  
    3. Cloud Carrier 
    4. Cloud Auditor 
    5. Cloud Broker

    The below image will explain cloud computing reference model with a neat diagram.

    Cloud reference architecture diagram

    Each actor is an entity that participates in the process and/or completes duties in cloud computing. This entity could be a person or an organization.  

    1. Cloud Consumer

    The end user that the cloud computing service is designed to support is the cloud consumer. An individual or corporation with a working relationship with a cloud provider and utilizing its services is referred to as a cloud consumer. A cloud customer peruses a cloud provider's service catalog, makes the proper service request, enters into a service agreement with the cloud provider, and then utilizes the service. The cloud customer may be charged for the service provided, in which case payment arrangements must be made. They need to have a cloud Service Level Agreement (SLA). 

    2. Cloud Provider

    Any individual, group, or other entity in charge of making a service accessible to cloud users is a cloud provider. A cloud provider creates the requested software, platforms, and infrastructure services, manages the technical infrastructure needed to supply the services, provisions the services at agreed-upon service levels, and safeguards the services' security and privacy. 

    Through service interfaces and virtual network interfaces that aid in resource abstraction, the cloud provider implements the cloud software to make computing resources accessible to cloud consumers that use the infrastructure as a service. 

    3. Cloud Carrier

    A cloud carrier serves as an intermediary between cloud providers and customers, facilitating connectivity and transport of cloud services. Customers can access the cloud through the network, telecommunication, and other access equipment provided by cloud carriers. Customers of cloud services, for instance, can get them through network access devices, including laptops, mobile phones, PCs, and mobile Internet devices (MIDs), among others. Network and telecommunication carriers typically handle the distribution of cloud services, while a transport agent is a company that arranges for the physical delivery of storage devices like high-capacity hard drives. 

    Remember that a cloud provider will establish service level agreements (SLAs) with a cloud carrier to provide services at a level consistent with the SLAs offered to cloud consumers. The cloud provider may also demand that the cloud carrier provide dedicated and encrypted connections between cloud consumers and cloud providers. 

    4. Cloud Auditor

    An unbiased evaluation of cloud services, information system operations, performance, and the security of a cloud computing implementation can be done by a cloud auditor. A cloud auditor can assess a cloud provider's services in terms of performance, service level agreement compliance, privacy implications, and security controls. 

    The management, operational, and technical precautions or countermeasures used inside an organizational information system to ensure the privacy, availability, and integrity of the system and its data are known as security controls. 

    To do a security audit, a cloud auditor can evaluate the information system's security controls to see how well they are being implemented, functioning as intended, and achieving the required results in relation to the system's security needs. Verifying compliance with law and security policy should be part of the security audit. 

    5. Cloud Broker

    An organization called a "Cloud Broker" controls how cloud services are used, performed, and delivered and negotiates contracts between cloud providers and cloud users. The integration of cloud services could become too difficult for cloud consumers to handle as cloud computing develops. Instead of contacting a cloud provider directly in certain circumstances, a cloud consumer may request cloud services through a cloud broker. A single point of access for controlling numerous cloud services is offered by cloud brokers. The capacity to offer a single consistent interface to numerous different providers, whether the interface is for commercial or technical objectives, separates a cloud broker from a cloud service provider. Cloud Brokers provide services in three categories:


    By enhancing a certain feature and offering cloud consumers value-added services, a cloud broker improves a given service. The enhancement may take the shape of identity management, performance reporting, improved security, etc. 


    Several services are combined and integrated into one or more new services by a cloud broker. The broker offers data and service integration, guarantees secure data transfer between the cloud consumer and various cloud providers, and provides these services. 


    Like service aggregation, service arbitrage differs from it in that the services being integrated or aggregated are not fixed. Service arbitrage refers to the freedom a Broker has to select services from various service Providers. 

    Interactions Between Actors in Cloud Computing in Cloud Security Reference Model

    1. Instead of contacting a cloud provider directly, a cloud consumer may request service through a cloud broker. The cloud broker may combine several services to form a new service or may improve an existing one. In this illustration, the cloud consumer interacts directly with the cloud broker and is unaware of the actual cloud providers.

    2. An unbiased evaluation of the functionality and security of a cloud service's implementation is done by a cloud auditor. Interactions with the cloud consumer and cloud provider may be necessary for the audit.

    3. The connectivity and delivery of cloud services from cloud providers to cloud consumers are handled by cloud carriers. Figure 4 shows how a cloud provider arranges and participates in two distinct service level agreements (SLAs), one with a cloud carrier (for example, SLA2) and one with a cloud consumer (e.g., SLA1).

    To ensure that the cloud services are used at a consistent level in accordance with the contractual responsibilities with the cloud consumers, a cloud provider negotiates service level agreements (SLAs) with a cloud carrier and may ask for dedicated and encrypted connections. In this situation, the provider may express its functionality, capability, and flexibility needs in SLA2 to meet SLA1's basic requirements.

    Security Reference Model in Cloud Computing

    The formal model for the NIST Cloud Computing Security Reference Architecture is NIST SP 500-292: A connected collection of security components generated from the CSA TCI-RA, the NIST Cloud Computing Reference Architecture, and a way for utilizing the formal model and the security components to orchestrate a safe cloud ecosystem.

    The Cloud Security reference model is agnostic about the cloud deployment model, and its methodology may easily be applied to data about Private, Community, or Hybrid clouds. It is a formal model, a collection of Security Components, and a methodology for applying a cloud-adapted Risk Management Framework. Since a public cloud deployment model best supports illustrative examples of all the NCC-SRA Security Components and security considerations, this document uses it to describe the methodology for illustration purposes.

    The Cloud Security reference model introduces a risk-based methodology to establish each cloud actor's accountability for putting particular controls throughout the cloud ecosystem's life cycle. The Security Components are specifically examined for each instance of the cloud Ecosystem to determine the degree to which each cloud actor participated in the implementation of those components. This document's main goal is to demystify the process of describing, identifying, classifying, analyzing, and choosing cloud-based services for cloud consumers who are trying to figure out which cloud service offering best addresses their cloud computing needs and supports their business and mission-critical processes and services in the most secure and effective way.

    Looking to boost your career? Join our ITIL certification training course and become an expert in no time. Gain the skills you need to succeed in the ever-evolving IT industry. Enroll now!


    Any cloud project needs a solid architecture to guarantee that the created cloud solution meets the requirement. Regardless of whether the solution uses a private, public, or hybrid cloud, this is crucial. Reference architectures for cloud computing have been offered by both major IT suppliers and other sorts of organizations. By employing a reference design, your cloud will have a solid "blueprint" from the beginning.

    You can say using cloud computing reference architecture in cloud computing is like using the TCP/IP or OSI model in Networking. So, to briefly summarize the cloud computing reference model, it is a model which provides a blueprint or a structure for cloud computing that can be used as a standard procedure all over the world.

    So, utilizing a cloud computing reference architecture will enable you to build on the experiences of others as well as design and deploy a strong cloud solution. A reference design needs to apply to all IT projects, not only cloud-related ones and for that matter, non-IT projects as well. To learn more about the Security reference model and Cloud Computing Reference Architecture, you can check out KnowledgeHut online Cloud training courses.

    Frequently Asked Questions (FAQs)

    1. What are characteristics of cloud computing explain the cloud computing reference model?

    The characteristics of cloud computing are that it gives a common structure or taxonomy on which cloud can be built. It also provides simplification of the process and provides cloud users with a standard blueprint for the implementation of cloud. 

    2. What is the NIST cloud computing reference model?

    NIST cloud computing reference model is a cloud computing reference model designed by the National Institute of Standards and Technology (NIST). Instead of focusing on a "how to" design solution and implementation, the NIST cloud computing reference architecture focuses on the requirements of "what" cloud services must offer. The reference architecture aims to make it easier to comprehend the operational nuances of cloud computing.

    3. Which service model is best in cloud computing? 

    IaaS is the best service model in cloud computing. IaaS offers the most choices for IT hardware infrastructure. If you require management and customization of the hardware infrastructure to meet your needs, IaaS is the best choice.

    4. Who are cloud consumers?

    Cloud consumer is the end user who browses or uses the services offered by Cloud Service Providers (CSP) and enters into service agreements with the cloud provider is referred to as a cloud consumer. The cloud user makes payments each time a service is offered.

    5. Write the difference between cloud consumer and cloud provider?

    Cloud Consumer is an entity that pays to use the cloud and has agreements with the cloud providers to use their resources, whereas Cloud Providers are the entity that provides the cloud services or infrastructure to consumers.


    Kingson Jebaraj

    Multi Cloud Architect

    Kingson Jebaraj is a highly respected technology professional, recognized as both a Microsoft Most Valuable Professional (MVP) and an Alibaba Most Valuable Professional. With a wealth of experience in cloud computing, Kingson has collaborated with renowned companies like Microsoft, Reliance Telco, Novartis, Pacific Controls UAE, Alibaba Cloud, and G42 UAE. He specializes in architecting innovative solutions using emerging technologies, including cloud and edge computing, digital transformation, IoT, and programming languages like C, C++, Python, and NLP. 

    Share This Article
    Ready to Master the Skills that Drive Your Career?

    Avail your free 1:1 mentorship session.

    Your Message (Optional)

    Upcoming Cloud Computing Batches & Dates

    NameDateFeeKnow more
    Course advisor icon
    Course Advisor
    Whatsapp/Chat icon