Navigating Cloud Standards

Similar documents
Attacking the roadblocks preventing aggressive adoption of Cloud Standards:

ICT transforming business in the UK. Ian Osborne Director, Business to Business, Intellect

The standards landscape in cloud

Standardised SLAs: how far can we go? DIHC, Euro-Par 2013, Aachan John Kennedy Intel Labs Europe

ISO/IEC JTC 1 SC 38 Cloud Works & Issues

White Paper on CLOUD COMPUTING

Cloud Computing Actionable Standards An Overview of Cloud Specifications

From Green Hosting to Cloud Computing

Interoperability in Cloud Federations

Cloud Computing Standards: Overview and ITU-T positioning

Cloud Standards - A Telco Perspective

ITU- T Focus Group Cloud Compu2ng

Lifting the Fog Around Cloud Computing. Eric A. Hibbard, CISSP-ISSAP, ISSEP, ISSMP, CISA CTO Security & Privacy Hitachi Data systems

ISO/IEC JTC 1/SC 38 N 282

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab

The role of standards in driving cloud computing adoption

2 nd Training SPRERS, November 2011, Timisoara. Dana PETCU,

Web Application Hosting Cloud Solution Architecture.

Lecture 02b Cloud Computing II

Cloud up to business processes

Cloud Standardization, Compliance and Certification. Class 2012 event 25.rd of October 2012 Dalibor Baskovc, CEO Zavod e-oblak

Interoperability & Portability for Cloud Computing: A Guide.

Wayne M. Adams Board of Directors, Chairman Mark Carlson SNIA Cloud TWG Chair and Technical Council Member

Cloud standards: Ready for Prime Time. CloudWatch webinar: Standards ready for prime time (part 2) 1

Cloud Computing Security. Belmont Chia Data Center Solutions Architect

Software as a Service (SaaS) and Platform as a Service (PaaS) (ENCS 691K Chapter 1)

EEDC34330 Execution Environments for Scientific Cloud Distributed Interoperability Computing Javier Álvarez

How To Build A Cloud Platform

TECHNOLOGY TRANSFER PRESENTS MAX DOLGICER CLOUD 2.0 MOVING FROM COST SAVINGS TO AGILE IT

Open Source Is the Key to Cloud Computing

Towards the Cloud! Ian Osborne Director, Digital Systems KTN, Intellect

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY. Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Why Cloud Standards Matter

Security in the Green Cloud

Public Cloud Workshop Offerings

OpenNebula Leading Innovation in Cloud Computing Management

It s All About Cloud Key Concepts, Players, Platforms And Technologies

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY

Customer Cloud Architecture for Mobile.

Enterprise Cloud Computing Standards, Innovation & Shifts

TBR. Open Standards Are Dissolving Cloud Silos. May Author: Elizabeth Hedstrom Henlin, Software Analyst

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures

SECURE CLOUD COMPUTING

Geoff Raines Cloud Engineer

Cloud Standards and Security

A HYPE-FREE STROLL THROUGH CLOUD STORAGE SECURITY

Standards in the RESERVOIR Project

TECHNOLOGY TRANSFER PRESENTS MAX DOLGICER IT S ALL ABOUT CLOUD CONCEPTS, STRATEGIES, ARCHITECTURES, PLAYERS, AND TECHNOLOGIES

Cloud Computing Technology

2) Xen Hypervisor 3) UEC

Interoperability and Portability for Cloud Computing: A Guide

Interoperable Clouds

An Analysis of Cloud Interoperability Standards onvarious Service Models

Cloud Computing (f)or Grid Security

Latest in Cloud Computing Standards. Eric A. Hibbard, CISSP, ISSAP, ISSEP, ISSMP, CISA CTO Security & Privacy Hitachi Data systems

Cloud Essentials for Architects using OpenStack

Cloud Computing The Evolution of IT

Cloud Standards Coordination Final Report November 2013 VERSION 1.0

How To Manage Security In The Cloud

Security Issues in Cloud Computing

CloudFTP: A free Storage Cloud

Cloud computing: the state of the art and challenges. Jānis Kampars Riga Technical University

SWiFT 10:2012. Adopting the Cloud - decision support for cloud computing

Cloud Security Alliance and Standards. Jim Reavis Executive Director March 2012

Cloud Standards. Sam Johnston Google Zürich

NetApp, Standards & Open Source

Cloud Tech Solution at T-Systems International Cloud Integration Center

Security standards for cloud usage

Certified Cloud Computing Professional VS-1067

Oracle Applications and Cloud Computing - Future Direction

ca IT Leaders Forum Working in the Cloud using the new ISO/IEC/ITU-T Cloud Computing Standards Dr David Ross, Chief Information Security Officer,

The Future of Cloud Computing: Elasticity, Legacy Support, Interoperability and Quality of Service

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST

I D C T E C H N O L O G Y S P O T L I G H T. P o r t a b i lity: C h a r t i n g t h e Path T ow ard the Open Hyb r i d C l o u d

The New Style of IT. Rob McMahon. Director Cloud Computing HP General Western Europe

Electronic Records Storage Options and Overview

Managing the Performance of Clouds and Cloud Based Applications

24/11/14. During this course. Internet is everywhere. Frequency barrier hit. Management costs increase. Advanced Distributed Systems Cloud Computing

Novel Network Computing Paradigms (I)

Escaping Vendor Lock-in with TOSCA, an Emerging Cloud Standard for Portability

Using Open Standards for Interoperability

The Sprawl of Cloud Services & Data Everywhere in an Enterprise

5 TIPS FOR MS AZURE NEWCOMERS

Lecture 02a Cloud Computing I

Expert Reference Series of White Papers. Understanding NIST s Cloud Computing Reference Architecture: Part II

Cloud Services Overview

Copyright 2010 NTT DATA AgileNet L.L.C. 12/06/2010 NTT DATA Agilenet L.L.C. Kenji Motohashi

September 2009 Cloud Storage for Cloud Computing

DMTF TELCO WORKING GROUP ON CLOUD MANAGEMENT AND VIRTUAL NETWORK. Alex Zhdankin, Cisco Systems

Cloud Lock In Naveen Nimmu Clouber.io

Open Data Center Alliance Usage: VIRTUAL MACHINE (VM) INTEROPERABILITY IN A HYBRID CLOUD ENVIRONMENT REV. 1.1

Business applications:

A Strawman Model. NIST Cloud Computing Reference Architecture and Taxonomy Working Group. January 3, 2011

Securing Data While Leveraging Virtualized and Cloud Storage

Standardization in Cloud Computing

Navigating The World of Cloud Computing

Cloud Trends & Security Challenges

Cloud Computing in Action - for Better Service and Better Life

Have We Really Understood the Cloud Yet?

Proactively Secure Your Cloud Computing Platform

Transcription:

Navigating Cloud Standards David Bicket Director m-assure Limited dpb@19770.org Acknowledgements: Kate Craig-Wood, Memset Ian Osborne, Intellect, ICT KTN, CIF Standards Chairman

Learning objectives What standards are appropriate for Cloud service providers and cloud service users? Which programmes exist for technical, security, interoperability and commercial trust? What is the landscape looking like for the evolution of standards and best practice.

The great things about standards is that there are so many to choose from.

A caveat Few clear cloud standards have yet emerged But some bodies clearly have more authority Many APIs in use, many standards being designed Some defacto standards are emerging Lots of M&A activity and vested commercial interests further muddying the water Only selection of standards and technologies covered in this presentation Hopefully those that are most important / pertinent!

Approach / contents Review principal conceptual standards Overview of cloud standards initiatives Cloud computing definition, vocabulary & reference architecture Review currently applied operational standards Quality & operational: ISO 9001, ISO 17203, CIF, Uptime Institute Environmental: ISO 14001, PAS 2060, EU CoC DC Security: ISO 27001, CESG BIL s, PCI DSS Highlight principal technologies in use Virtualization, IaaS & PaaS technologies Application Programming Interfaces (APIs) Emerging de-facto standards

Part one Conceptual Standards

Cloud computing standardization initiatives Open Grid Forum (OGF) Cloud Computing Interoperability Forum (CCIF) Distributed Management Task Force (DMTF) Cloud Security Alliance (CSA) ETSI TC Cloud * Org for Advancement of Structured Information Standards (OASIS) Object Management Group (OMG) Storage Networking Industry Association (SNIA) ITU-T Focus Group on Cloud Computing Cloud Computing Forum (CCF - Korea) Korea Cloud Service Assn (KCSA) The Open Group European Network and Information Security Agency (ENISA) ISO/IEC JTC1 SC7 System and Software Engineering ISO/IEC JTC1 SC27 Security ISO/IEC JTC1 SC38 WG3 Cloud * Institute of Electrical & Electronic Engineers Standards Assoc (IEEE- SA) China Electronics Standardization Institute (CESI) Cloud Industry Forum (CIF) OSGi Alliance Open Data Center Alliance (ODCA) Japan Cloud Consortium

International Standards Organization (ISO/IEC) Generalized operational management systems 9001,14001,27001, 20000-1 DMTF s Open Virtualization Format (OVF) now ISO/IEC 17203 SC38: Distributed application platforms and services (DAPS) Vocabulary Reference Architecture

Part two Operational Standards

Quality standards Quality Management System (ISO 9001) Generalized but still applicable Uptime institute tiering & TIA-942 Data centre specific ISO SC38 - Distributed apps, platforms & services OVF / ISO 17203 Web services interoperability standards x 3 Debatable how much value ISO add in a fast-moving space! Cloud Industry Forum Code of Practice

Environmental standards Environmental management system ISO 14001 Generalized but applicable Carbon Neutral / PAS 2060 Generalized. Increasingly popular EU Code of Conduct for data centers Data-centre specific. Voluntary and common sense! LEED (buildings) Building-specific and arguably less relevant

Security standards ISO 27001 Highly applicable if done correctly PCI DSS Mainly focused on card transactions but of value Uptime institute tiering system Data-centre specific G-Cloud Business Impact Levels (BIL) Very relevant one to watch!

CIF code of practice Transparency Ownership, people Migration paths Commercial terms Capability Management systems Resources Continuity Accountability Complaint resolution

Part three Technical Standards Highlights only. See other on-line presentations for more information on this topic. References at end of deck.

IaaS vs. PaaS vs. SaaS - layering

Application Programmatic Interfaces (APIs) De-facto standards emerging for IaaS Different for compute and storage Open ones tend to be RESTful Eg. OpenStack, OCCi More Web 2.0 Closed / payware ones tend to be XML Eg. Amazon (SOAP), vcloud API provides introspection capability Provider often supplies libraries

IaaS compute APIs Common IaaS compute methods: Create new instances from specified image Start / stop / reboot instances Destroy instances List all/get details about hardware profiles List all/get details about realms/images etc Lack of standardization around: Importing / creating new VM images (OVF will help) Management of peripheral infrastructure (e.g.. network, firewall)

IaaS storage APIs Common IaaS storage methods: Create new container Update/delete container Create new object Update/delete object Read/write object attributes Read/write individual object attributes Lack of standardization around: Content Delivery Network services Quality of service (durability, availability etc)

Principal IaaS APIs Amazon Web Services Elastic Compute Cloud (EC2) & Simple Storage Service (S3) Defacto standards, most widely used OpenStack consortium Compute & Object Storage APIs and software Industry s answer to Amazon Open Grid Forum s (OGF) Open Cloud Computing Interface (OCCi) Somewhat academic approach but has traction with EC / FP7 DMTF's OVM, now ISO/IEC 1720 Description of a VM, not an API

Defacto standards for VM resources EC2-like ratios of RAM:CPU:disk becoming the norm: 1 / 2 / 4 / 8 x 1.4 GHz Xeon core 2 / 4 / 8 / 16 Gbytes RAM 160 / 320 / 640 / 1280 Gbytes disk Different hypervisors make relatively little difference Technologies available for portability Interoperability is almost there! Little standardization around network layer But some convergence in approaches from main players

Defacto standards for storage Most are object stores, not file systems Restrict options Can t do incremental updates (e.g.. rsync) Limited meta data (timestamps etc) Amazon s billing most comprehensive, but most: Per-GB stored Per-GB transferred out Durability becoming standard measure of resilience Probability of any one object being lost per year. E.g.. 99.999999% durability means that any individual object has a 0.000001%, or 1 in 100,000,000 chance of being lost.

PaaS standards / common features Less standardization than IaaS Lots of languages, lots of vendors vying for position Rage of approaches to billing per-user, per-thread, per-trans. etc Many are auto-scaling (but not all) Main benefit of PaaS arguably should be auto-scaling! Therefore less need for APIs though some have (e.g. Azure) Many include abstracted messaging & data base Easy to use / transparent, but also means vendor lock-in! Greatest standardization around code deployment Most use command line tools to deploy code straight from repositories such as SVN, GIT etc.

SaaS standards / common features Limited options for broad standardization Can only really do among similar types of software Not in vendors interests though! Billing tends to be per-user per-day/month/year Some application-specific data schemas E.g. accountancy information Authentication is ripe for standardization though OAuth looking interesting

Resources /cif-and-cloud-standards Ian Osborne, Chair, CIF Standards Committee Other presentations on this topic Kate Craig-Wood, Memset Kate Craig Wood- Speaking @ Cloud Expo Olympia 26-01-12- Full version http://www.youtube.com/watch?v=ltohjouxkyg Ian Osborne, Intellect, ICT KTN BrightTALK webinar http://www.brighttalk.com/webcast/1367/49035

Q&A

Thank you info@cloudindustryforum.org

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information