Navigating Cloud Standards

(1)

www.cloudindustryforum.org

Navigating Cloud Standards

David Bicket

Director m-Assure Limited

[email protected]

Acknowledgements: Kate Craig-Wood, Memset

Ian Osborne, Intellect, ICT KTN,

(2)

Learning objectives



What standards are appropriate for Cloud service providers and

cloud service users?



Which programmes exist for technical, security, interoperability

and commercial trust?



What is the landscape looking like for the evolution of standards

and best practice.

(3)

“The great things about standards is that

there are so many to choose from.”

(4)

A caveat



Few clear cloud standards have yet emerged

 But some bodies clearly have more authority



Many APIs in use, many standards being designed

 Some defacto standards are emerging



Lots of M&A activity and vested commercial interests

further muddying the water



Only selection of standards and technologies covered

in this presentation

(5)

Approach / contents



Review principal conceptual standards

 Overview of cloud standards initiatives

 Cloud computing definition, vocabulary & reference architecture



Review currently applied operational standards

 Quality & operational: ISO 9001, ISO 17203, CIF, Uptime Institute

 Environmental: ISO 14001, PAS 2060, EU CoC DC

 Security: ISO 27001, CESG BIL’s, PCI DSS



Highlight principal technologies in use

 Virtualization, IaaS & PaaS technologies

 Application Programming Interfaces (APIs)

(6)

Part one

(7)

Cloud computing standardization

initiatives

 Open Grid Forum (OGF)

 Cloud Computing Interoperability Forum (CCIF)

 Distributed Management Task Force (DMTF)

 Cloud Security Alliance (CSA)

 ETSI TC Cloud *

 Org for Advancement of Structured Information Standards (OASIS)

 Object Management Group (OMG)

 Storage Networking Industry Association (SNIA)

 ITU-T Focus Group on Cloud Computing

 Cloud Computing Forum (CCF - Korea)

• Korea Cloud Service Assn (KCSA) • The Open Group

• European Network and Information Security Agency (ENISA)

• ISO/IEC JTC1 SC7 System and Software Engineering

• ISO/IEC JTC1 SC27 Security

• ISO/IEC JTC1 SC38 WG3 Cloud * • Institute of Electrical & Electronic

Engineers Standards Assoc (IEEE-SA)

• China Electronics Standardization Institute (CESI)

• Cloud Industry Forum (CIF) • OSGi Alliance

• Open Data Center Alliance (ODCA) • Japan Cloud Consortium

(8)

International Standards Organization

(ISO/IEC)



Generalized operational management systems

 9001,14001,27001, 20000-1



DMTF’s Open Virtualization Format (OVF) now

ISO/IEC 17203



SC38: Distributed application platforms and services

(DAPS)

 Vocabulary

(9)

Part two

(10)

Quality standards



Quality Management System (ISO 9001)

 Generalized but still applicable



Uptime institute tiering & TIA-942

 Data centre specific



ISO SC38 - Distributed apps, platforms & services

 OVF / ISO 17203

 Web services interoperability standards x 3

 Debatable how much value ISO add in a fast-moving space!

(11)

Environmental standards



Environmental management system ISO 14001

 Generalized but applicable



Carbon Neutral / PAS 2060

 Generalized. Increasingly popular



EU Code of Conduct for data centers

 Data-centre specific. Voluntary and common sense!



LEED (buildings)

(12)

Security standards



ISO 27001

 Highly applicable if done correctly



PCI DSS

 Mainly focused on card transactions but of value



Uptime institute tiering system

 Data-centre specific



G-Cloud Business Impact Levels (BIL)

(13)

CIF code of practice



Transparency

 Ownership, people

 Migration paths

 Commercial terms



Capability

 Management systems

 Resources

 Continuity



Accountability

(14)

Part three

Technical Standards

Highlights only. See other on-line

(15)

(16)

Application Programmatic Interfaces (APIs)



De-facto standards emerging for IaaS

 Different for compute and storage



Open ones tend to be RESTful

 Eg. OpenStack, OCCi

 More “Web 2.0”



Closed / payware ones tend to be XML

 Eg. Amazon (SOAP), vCloud

 API provides introspection capability

(17)

IaaS compute APIs



Common IaaS compute methods:

 Create new instances from specified image

 Start / stop / reboot instances

 Destroy instances

 List all/get details about hardware profiles

 List all/get details about realms/images etc



Lack of standardization around:

 Importing / creating new VM images (OVF will help)

(18)

IaaS storage APIs



Common IaaS storage methods:

 Create new container

 Update/delete container

 Create new object

 Update/delete object

 Read/write object attributes

 Read/write individual object attributes



Lack of standardization around:

(19)

Principal IaaS APIs



Amazon Web Services

 Elastic Compute Cloud (EC2) & Simple Storage Service (S3)

 Defacto standards, most widely used



OpenStack consortium

 Compute & Object Storage APIs and software

 Industry’s answer to Amazon



Open Grid Forum’s (OGF) Open Cloud Computing

Interface (OCCi)

 Somewhat academic approach but has traction with EC / FP7



DMTF's OVM, now ISO/IEC 1720

(20)

Defacto standards for VM resources



EC2-like ratios of RAM:CPU:disk becoming the norm:

 1 / 2 / 4 / 8 x 1.4 GHz Xeon core

 2 / 4 / 8 / 16 Gbytes RAM

 160 / 320 / 640 / 1280 Gbytes disk



Different hypervisors make relatively little difference

 Technologies available for portability

 Interoperability is almost there!



Little standardization around network layer

(21)

Defacto standards for storage



Most are object stores, not file systems

 Restrict options

 Can’t do incremental updates (e.g.. rsync)

 Limited meta data (timestamps etc)



Amazon’s billing most comprehensive, but most:

 Per-GB stored

 Per-GB transferred out



“Durability” becoming standard measure of resilience

 Probability of any one object being lost per year.

 E.g.. “99.999999% durability” means that any individual object has a 0.000001%, or 1 in 100,000,000 chance of being lost.

(22)

PaaS standards / common features



Less standardization than IaaS

 Lots of languages, lots of vendors vying for position

 Rage of approaches to billing – per-user, per-thread, per-trans. etc



Many are auto-scaling (but not all)

 Main benefit of PaaS arguably should be auto-scaling!

 Therefore less need for APIs though some have (e.g. Azure)



Many include abstracted messaging & data base

 Easy to use / transparent, but also means vendor lock-in!

(23)

SaaS standards / common features



Limited options for broad standardization

 Can only really do among similar types of software

 Not in vendors’ interests though!



Billing tends to be per-user per-day/month/year



Some application-specific data schemas

 E.g. accountancy information



Authentication is ripe for standardization though

(24)

Resources

www.cloudindustryforum.org/cif-and-cloud-standards

Ian Osborne, Chair, CIF Standards Committee



Kate Craig-Wood, Memset

 Kate Craig Wood- Speaking @ Cloud Expo Olympia 26-01-12- Full version

 http://www.youtube.com/watch?v=LtohJOUXkYg



Ian Osborne, Intellect, ICT KTN

 BrightTALK webinar

(25)

(26)

Thank you

[email protected]