The blog

CORA and cloud computing: part I

This blog is the first in a series about the CORA model and Cloud Computing. In this blog the viewpoint of the CORA model is described shortly (being to enforce predictable, repeatable and risk-aware application design on different architecture levels (i.e. Enterprise level, Implementation Level). After that the Cloud definition of the NIST-institute is used to connect CORA with Cloud Computing.

Why the CORA model
Today’s changing business needs affects the way how organizations and their IT landscape is and should be organized. The IT landscape within organizations (“On Premise”) which supports these changing business needs has evolved into a myriad of legacy systems, custom made systems and Packaged Based Solutions (PBS) from a cocktail of vendors. All these different applications are required to primarily support local changing business needs and are almost always implemented using vendor-specific reference architectures. At the same time organizations more and more consume services from other parties and may provide services to other external consumers. With the advent of Cloud Computing organizations not only have the opportunity to outsource (parts of) their “On Premise” IT but also consume IT, delivered by Cloud Providers (“Off Premise”). All this has a profound effect on the internal enterprise IT landscape because the architecture and the governance of the IT landscape need to deal with cross-boundary traffic.

In order to meet this challenge it is necessary to improve the control over the IT landscape:

  • on both enterprise as well as project implementation level;
  • with the focus on a heterogeneous IT landscape “On Premise” as well as “Off Premise” (outsourced or delivered “On Demand”);
  • for the complete lifecycle of IT solutions;
  • between enterprises & social networks.

Today architecture-based approaches, including reference models, exist to enable this improvement. This helps organizations to make decisions based on requirements, through visioning them into a coherent style or structure. Because they all have difficulties to take these demands into account simultaneously the COmmon Reference Architecture (CORA) is developed to enforce predictable, repeatable and risk-aware application design on different architecture levels.


Connect to networks outside the Enterprise
The focus of the CORA model is on the internal enterprise IT landscape and its relationship with the outside world by consuming services from other parties and providing services to other external consumers. These services are divided in Business networks (i.e. Amazon, Google,, Microsoft Azure, and Social networks (i.e. Twitter, LinkedIn, various sites who collect public approved data of individuals). Because every type of service provides a certain capability, these types are named Capability As A Service.


For the sake of simplicity the focus in this series will be on by consuming services (by cloud providers). The provisioning of services to other external consumers (by cloud or other means) will be discussed in another series.

Cloud Definition and the relationship with CORA
The National Institute of Standards and Technology (NIST) has developed the folowing definition about Cloud Computing: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three delivery models, and four deployment models“.


  • On-demand self-service: consuming cloud capabilities without requiring human interaction with the Cloud Provider.
  • Ubiquitous network access:  availability of cloud capabilities over the network and accessed through thin, as well as thick clients ( phones, laptops).
  • Location independent resource pooling: serving consumers using a multi-tenant model by pooling resources, where the consumer generally has no control or knowledge over the exact location.
  • Rapid elasticity: providing cloud capabilities to be scaled up and down rapidly and elastically.
  • Measured Service: providing appropiate metering capabilities and automatically control, optimize and report resource use, obtaining transparency for both the provider and consumer.

When mapping these characteristics onto CORA-elements involved, it will become clear that the Channel Access and IT-Governance Layer are impacted.

Delivery models

  • Software as a Service (SaaS): the capability provided to the consumer is to use the provider’s applications and accessible from various client devices through a thin client interface such as a Web browser. The provider’s applications can set user-specific application configurations in a limited way.
  • Platform as a Service (PaaS): the capability provided to the consumer is to deploy consumer-created applications using programming languages and tools supported by the provider. The consumer has control over the deployed applications.
  • Infrastructure as a Service (IaaS): the capability provided to the consumer is to provision infrastructure resources where the consumer is able to deploy and run arbitrary applications. The consumer has control over operating systems, storage, deployed applications, and possibly networking components (e.g., firewalls, load balancers).

The CORA model is used to assess an IT landscape from an application perspective. This means that only the (deployed) applications are assessed in these blog series. However very important, the infrastructure resources are not assessed because this requires an infrastructural perspective on the IT Landscape which is not part of the current CORA model. By emphasizing on applications integrated in some way within a hybrid cloud environment, the CORA model helps answering important and difficult questions when designing an enterprise application architecture, which is underestimated in currect Cloud theories.

Deployment models

  • Private cloud: solutions solely for an organization, managed by the organization or a third party, exist On Premise or Off Premise.
  • Community cloud: solutions shared by several organizations, managed by the organizations or a third party, exist On Premise or Off Premise.
  • Public cloud: solutions made available to the general public or a large industry group, owned and managed by a Cloud Provider.
  • Hybrid cloud: composition of two or more clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.

This blog series takes the hybrid cloud as the basic thought, because in practice this model will be most commonly used (and most difficult to accomplish!).