Cloud computing standardisation and industry consortium activities Tuomas Nurmela tuomas.nurmela@tieto.com tuomas.mt.nurmela@gmail.com
Disclaimer Comments express views of the presenter and do not necessarily that of the SFS SR-310 standards group in Finland (or ISO/IEC or ITU-T respective bodies for that matter)
27.11.2014 | 2
Contents • Background to international standards bodies collaboration • Cloud computing international standards (de jure) • International consortium technical standards • Views on national application for cloud computing standards (de jure)
27.11.2014 | 3
Background to international standards collaboration
27.11.2014 | 4
The many connotations of �cloud computing� Metaphor
Cloud computing Label
Model
Foundation needed, within a timeframe that avoids issue becoming irrelevant
27.11.2014 | 5
ISO SC38/WG3&ITU-T SG13/WG6 collaboration SR=Study Report
ISO
SC38/ Study Group
SR
WI=Work Item
SC38/ WG3
CT=Common text. Topics 1: Vocabulary 2: Reference Architecture
WI
ISO/IEC IS CD 17788
Collaborating Team
ITU
Focus Group on CC
SR
SG13/ WP6
17789
CT1
ITU-T Y.3500 Y.3502
Qx
http://www.itu.int/en/ITUT/focusgroups/cloud/Documents/FG-coud-technicalreport.zip
2010
2011
2013
2012
2014
Qx=Question X 6
27.11.2014 | 6
Standard relationships ISO/IEC 17788 – Cloud computing vocabulary (CCVOCAB)
ISO/IEC 17789 – Cloud Computing Reference architecture (CCRA)
Audience
General audience, cloud service users, cloud service providers and technology vendors
Cloud service providers, technology vendors, cloud service users, standardization specialists
Goals
Foundation for other work; common concepts; interoperability with other standards
Describe parties involved with cloud services as well as roles and relationships to technology (activities, functions and nonfunctional features)
Targets for use
Generic (e.g. procurement requirements, contracts), awareness training, standardization, architecture work
Cloud service product development and management, cloud service use, architecture work, standardization
27.11.2014 | 7
Cloud computing international standards
27.11.2014 | 8
Cloud computing vocabulary: the two levels of content
General Overview (non-normative)
Definitions (normative)
27.11.2014 | 9
General overview visualization Cloud Service Customer
Cloud Service Partner
Cloud Service Provider
Hybrid cloud Community cloud Communication as a service (CaaS)
Cloud Software Capabilities Type Cloud Platform Capabilities Type Cloud Infrastructure Capabilities Type Broad network access
Rapid Elasticity
Resource pooling
Public cloud
Software as a service (SaaS) Platform as a service (PaaS)
Infrastructure as a service (IaaS) Measured service Multitenancy
Network as a service (NaaS)
Private cloud
On-demand self-service
Cloud Roles Delivery model
Cloud Capabilities Types and Cloud Service Categories Key characteristics 27.11.2014 | 10
Definitions terminology visualization
27.11.2014 | 11
Data classes and ownership • Cloud Customer Data – Data objects stored to cloud service or created by customer – Customer control/ownership – E.g. documents, person identity information • Cloud Derived Data – Data objects derived as a result of interaction with the service by customer. Typically may be defined contractually. – Provider control/ownership – E.g: logs, profiling information • Cloud Provider Data – Data objects specific to operation of the cloud service – Provider control/ownership – E.g: platform configuration data, cost information 27.11.2014 | 12
Cloud computing reference architecture Activities, High level features (CCRA) Roles/subroles, embedded in • •
Parties, Aspects Scope
functional nonfunctional/multifunctional Cross-cutting concerns
27.11.2014 | 14
CCRA: use view
27.11.2014 | 16
CCRA: functional view Multi-layer functions
User layer User function
Business function
Administrator function
Access layer
Integration
Security systems
Operational support systems
Business support systems
Development support
Security integration
Authentication and identity management
Service catalogue
Product catalogue
Developer environment
Connection management
Access control
Provisioning
Monitoring integration
Service layer Service capabilities
Business capabilities
Service orchestration
Resource abstraction and control Physical resources
Service policy management
Account management
Subscription management
Build management
Service automation
Administration capabilities Service integration
Resource layer
Authorization and security policy management
Monitoring and reporting
Encryption management
Service level management
Incident and problem management Peer service integration
Billing
Accounts
Test management
Platform and virtualization management Peer service management
27.11.2014 | 17
Cross cutting concerns “behaviours or capabilities which need to be coordinated across roles and implemented consistently in a cloud computing system”
Institutional organization requirements
Customer Organization requirements
Provider Organization requirements
Cross-cutting concerns • Regulatory • Auditability • Protection of PII • • • • • • • • • •
Portability Interoperability Reversibility SLA Governance Security Availability Performance Resiliency Maintenance and versioning
27.11.2014 | 19
Road forward: ITU-T cloud computing Y.3501 requirements
CT Results
Y.3500 Vocabulary Y.3510 Infrastructure
Y.3511 Intercloud
Y.3512 NaaS
Y.3502 Ref. Arch. Y.3520 E2E res. mgmt
Y.3513 IaaS
Y.bigdata Cloudbased BDA Y.3503 DaaS
Key
Done Ongoing
Y.e2ecslm Lifecycle mgmt
Y.e2ecmrgb Resource mgmt model
27.11.2014 | 21
Road forward: ISO/IEC SC38 cloud computing CT Results
ISO/IEC 17788 Vocabulary
ISO/IEC 17789 Ref. Arch.
ISO/IEC 19086 Part1, SLA– Overview and concepts
19086 Part2 SLA– Metrics
ISO/IEC 19086 Part3, SLA– Core Requirements
ISO/IEC 190xx CC Interoperability and Portability ISO/IEC 190xx CCData and its Flow
Key
Done Ongoing
27.11.2014 | 22
International consortium Technical standards
27.11.2014 | 23
TOIMIALAKONSORTIOIDEN TEKNISET STANDARDIT
Teknisten standardien yleiskuva Key SaaS
Data management
Application data
Draft
Approved, Early phase
PaaS
Deployment management CAMP (OASIS)
Packaging and env. CAMP description
Approved, In products
(OASIS) TOSCA (OASIS)
IaaS
Resource OCCI CDMI Management (OGF) (SNIA)
CIMI 1.1 (DMTF)
Open Flow (ONF)
Interfaces
Resource CDMI models (SNIA) CIMI 1.1 (DMTF)
Data formats and Models 24
(security and interop domains out of scope)
Views on national application of standards
27.11.2014 | 29
Finnish Government Interoperability portal (yhteentoimivuus.fi) • Contains a standards portfolio (JHS-194) • In essense a distribution mechanism • Helps e.g. IT organization in new system development (possibly also procurement personnel)
27.11.2014 | 30
Finnish Government Data center and Capacity Strategy 2014 • Contains notion of ”below 10 IaaS and PaaS services” • Lists different operating system and database products that need to be supported Use CCVOCAB and CCRA to clarify discussion
27.11.2014 | 31
Information architecture support Structured taxonomy (ontology, terminology etc)
Reconsiliation mechanism
Company information architecture, vocabulary Unstructured folksonomy (e.g. flat vs. hierarchical vs. user • Controlled vocabulary / taxonomy as top-down boundary defined) enforcement • Folksonomy as bottom-up user innovation • Reconcialiation mechanism • Influences: product marketing messages, product and operations documentation 27.11.2014 | 32