public cloud, private cloud, and fuzzy cloud demarcation

Public/private and internal/external are two separate dimensions. Public, private, or community attributes specify how widely the cloud service is shared: a sharing dimension. Internal or external denote the consumer’s view of the Cloud’s service interface. That view is associated with the consumer’s responsibility for service development, operations, and management: a responsibility dimension. A third dimension, on-premise or outsourced, describes where the service assets are located: a location dimension. Many architects conflate the three dimensions. NIST has recently published a Cloud Computing Reference Architecture, which spends considerable prose disentangling the concepts. According to NIST:

A private cloud gives a single Cloud Consumer organization the exclusive access to and usage of the infrastructure and computational resources. It may be managed either by the Cloud Consumer organization or by a third party, and may be hosted on the organization’s premises (i.e. on-site private clouds) or outsourced to a hosting company (i.e. outsourced private clouds).


Let’s run through three quick use cases describing public, private, and community:

  1. A public cloud service is accessible to any consumer. For example, a service offered to all organizations that have sales teams.
  2. A private cloud service is accessible only to members of a single team. For example, a custom-tailored Enterprise Resource Planning application delivered as a service to company employees.
  3. A community cloud blends the two access models. A community cloud service is accessible to a select, exclusive group. For example, a classified information service delivered to government agencies.


A person or organization will often use and deliver cloud services across private, public, and community environments. A hybrid cloud strategy delivers, spans, and connects clouds across all dimension attributes. According to NIST:

A hybrid cloud is a composition of two or more clouds (on-site private, on-site community, off-site private, off-site community or public) that remain as distinct entities but are bound together by standardized or proprietary technology that enables data and application portability.


To effectively implement a hybrid cloud, the solution must exhibit interoperability and policy federation across cloud services. Interoperability and federation are two concepts that are difficult to implement. Teams should choose technologies such as XACML, OAuth, SAML, JSON, and RESTful interfaces.
