Soovitusi pilvtöötluse standardite kasutuselevõtuks eestis

Soovitusi pilvtöötluse standardite kasutuselevõtuks Eestis Pilvtöötlus Eestis / Cloud for Europe teabepäev 27. november 2014, TTÜ Mektory

Taavi Valdlo

EVS/TK4 sekretär taavi.valdlo@smail.ee

Teemad  Pilvtöötluse põhimõistete allikad  Pilveteenused ja teenusemudelid  ISO/IEC JTC1/SC38 kui juhtiv tehniline komitee

 Pilvtöötluse standardiorganisatsioonid ja

standardid  Pilvtöötluse standarditega seotud analüüse ja

aruandeid  Standardeid EVS/TK4 2015 a töökavasse

USA kogemus ja määratlused  Special Publication 800-145. The NIST Definition of Cloud Computing (September 2011) http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf

 USA standardiorganisatsiooni NIST materjalid

http://www.nist.gov/itl/cloud/publications.cfm  IEEE http://cloudcomputing.ieee.org/standards  USA avaliku sektori portaal http://cloud.cio.gov/  Turvalisuse programm FedRAMP

http://cloud.cio.gov/fedramp

Open cloud manifesto  What is Cloud Computing and Why is it Important? 

Scalability on Demand



Streamlining the Data Center



Improving Business Processes



Minimizing Startup Costs

 Challenges and Barriers to Adoption 

Security



Data and Application Interoperability



Data and Application Portability

http://gevaperry.typepad.com/Open%20Cloud%20Manifesto%20v1.0.9.pdf

Pilveteenused (1)  Communications as a Service (CaaS)  Compute as a Service (CompaaS)  Data Storage as a Service (DSaaS)

 Infrastructure as a Service (IaaS)  Network as a Service (NaaS) Platform as a Service (PaaS)  Software as a Service (SaaS) Hardware as a Service (HaaS)

Database as a Service (DBaaS)

Pilveteenused (2) Desktop as a Service (DaaS) Email as a Service (EaaS) Identity as a Service (IDaaS)

Integration platform as a service (iPaaS) Cloud Management as a Service (CMaaS) Security as a Service (SaaS)

Disaster recovery as a service (DRaaS) Managed Cloud as a Service (MCaaS) Business Process as a Service (BPaaS)

Watson as a Service (WaaS) Everything as a service (XaaS)

Allikas:http://www.cob.sjsu.edu/nellen_a/CloudComputing1-10-13_RW_ND.pdf

Pilvtöötluse teenuseülesed aspektid (1)  Pilveteenuse elutsükli haldus  Arveldus  Auditeeritavus  Käideldavus

 Valitsemine  Koosvõime

 Porditavus  Suutvus, jõudlus

Pilvtöötluse teenuseülesed aspektid (2)  Haldus, sh versioonihaldus  Pääsuhaldus, volitused

 Isikuga seotud andmete kaitse, privaatsus  Turvalisus

 Tõhusus, kuluefektiivsus  Vastavus õigusaktide nõuetele  Teenusetaseme lepingud  Teenuse kvaliteet

Pilveäri aspekte  Rollid ekosüsteemis (kes?)

 Ärimudelid (kuidas?)  Sotsiaalmajanduslik jm põhjendus, ärikasu (miks?)  Trendid ja lubadused  

tõhususe/tootlikkuse lisandumine (sellest kulukokkuhoid) paindlikkus ja skaleeritavus

 Kellele kanaliseerivad kasud?  Riskid: majanduslikud, strateegilised, teenuste olemasolu/pakkumine ja

käideldavus, infoturve. Kontroll andmete üle, Õiguslikud riskid ja piirangud  Vari IT  IT kaubastumine  BYOD poliitika

ISO/IEC JTC1/SC 38 nimetuse ja käsitlusala muutmise ettepanek  Titel: Cloud Computing and Distributed Platforms

(CCDP) Scope: Standardization in the area of Cloud Computing and Distributed Platforms including but not limited to: 

Service Oriented Architecture (SOA)



Service Level Agreement



Interoperability and Portability



Data and their Flow Across Devices and Cloud Services

Seni nimetus: "Distributed application platforms and services (DAPS)"

SC 38 töörühmad Töörühm, WG

Nimetus

Staatus

WG 1

Web Services

Lõpetanud tegevuse

WG 2

Service Oriented Architecture (SOA)

WG 3

Cloud Computing Service Level Agreements (CCSLA)

Muudatused nimetuses ja käsitlusalas

WG 4

Cloud Computing Interoperability and Portability (CCIP)

Uus töörühm

WG 5

Cloud Computing Data and its Flow (CCDF)

Uus töörühm

SC38 projektid WG

Projekt

Nimetus

Staatus

2

ISO/IEC 18384-1

Information technology – Reference Architecture for Service Oriented Architecture (SOA) – Part 1: Terminology and Concepts for SOA

DIS

2

ISO/IEC 18384-2

Information Technology – Reference Architecture for Service Oriented Architecture (SOA) – Part 2: Reference Architecture for SOA Solutions

DIS

2

ISO/IEC 18384-3

Information technology – Reference Architecture for Service Oriented Architecture (SOA) – Part 3: SOA Ontology

DIS

3

ISO/IEC 19086-1

Information Technology - Cloud Computing – Service Level Agreement (SLA) Framework – Part 1 : Overview and Concepts

CD ballot

3

ISO/IEC 19086-2

Information Technology - Cloud Computing – Service Level Agreement (SLA) Framework – Part 2 : Metrics

WD in progress

3

ISO/IEC 19086-3

Information Technology - Cloud Computing – Service Level Agreement (SLA) Framework – Part 3 : Core Conformance Requirements

WD in progress

4

ISO/IEC 19941

Information Technology – Cloud Computing – Interoperability and Portability

Pre-WD

5

ISO/IEC 19944

Information Technology – Cloud Computing – Data and their Flow Across Devices and Cloud Services

Pre-WD

Ilmunud pilvtöötluse alusstandardid

 ITU-T Y.3500 | ISO/IEC 17788:2014 Cloud

Computing Overview and Vocabulary  ITU-T Y.3502 | ISO/IEC 17789:2014 Cloud

Computing Reference Architecture ITU-T Y-seeria soovitused: http://www.itu.int/ITU-T/recommendations/index.aspx?ser=Y

Pilvtöötluse standardid on kättesaadavad numeratsiooniga Y.3500-Y.3999: Cloud Computing

ISO/IEC JTC1/SC27 pilvtöötluse turbestandardeid  ISO/IEC 27018:2014 Information technology -- Security techniques --

Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors  ISO/IEC DIS 27017 Information technology -- Security techniques --

Code of practice for information security controls based on ISO/IEC 27002 for cloud services  ISO/IEC WD 27036-4 Information technology -- Information security for

supplier relationships -- Part 4: Guidelines for security of Cloud services  Study periods 

Cloud Computing Security Components Proposal



Cloud security assessment and audit



Cloud adapted Risk Management Framework (CRMF)

Muude JTC1 alamkomiteede pilvestandardeid  Süsteemitehnika vaade: ISO/IEC JTC1/SC7 Tarkvaratehnika on

samuti pilvtöötluse teemal aktiivne, kuid vaatab teemale laiemalt, süsteemse lähenemise kontekstis ja seni otseselt pilvestandardeid koostanud ei ole.  JTC1 üldtase 

DIS ISO/IEC 19831 Cloud Infrastructure Management Interface (CIMI) Model and RESTful HTTP-based Protocol — An Interface for Managing Cloud Infrastructure

http://dmtf.org/sites/default/files/standards/documents/DSP0263_1.0.1.pdf

 Teenuste vaade: ISO/IEC JTC 001/SC 40 "IT Service Management

and IT Governance" 

ISO/IEC TR 20000-9 Information technology -- Service management -Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services



WD Governance of Cloud Computing

OASIS pilvtöötluse standardeid  Identity in the Cloud Use Cases Version 1.0  Cloud Application Management for Platforms

(CAMP) TC  Cloud Application Management for Platforms

Version 1.1  Topology and Orchestration Specification for

Cloud Applications (TOSCA) Version 1.0 Allikas: https://www.oasis-open.org/committees/tc_cat.php?cat=cloud

EL pilvtöötluse starteegia 1.põhimeede: standardite rägastiku korrastamine

“Pilvandmetehnoloogia kasutuselevõtule aitab kaasa ulatuslikum standardite kasutamine, pilveteenuste sertifitseerimine, millega kinnitatakse teenuste vastamist standarditele, ning reguleerivate asutuste heakskiit sellistele sertifikaatidele kui õiguslike kohustuste täitmise tõendusele.”

Kasuta standardit, kasuta minu standardit. Oleme kokku leppinud

Pilvtöötluse standarditega seotud analüüse ja aruandeid (1)  ITU Activities in Cloud Computing Standardization Repository

http://www.itu.int/dms_pub/itu-t/oth/49/01/T49010000020002PDFE.pdf  C4E projekti aruanne D3.1 - Standards, normalization and certifications

associated http://www.cloudforeurope.eu/documents/10179/40740/Standards%2C+n ormalisation+and+certifications+associated/cc0bddda-9ff7-4918-812b7205cac49b05?version=1.0  ETSI pilvestandardimise koordineerimise portaali aruanne

http://csc.etsi.org/website/home.aspx 

EU Analysis of cloud best practices and pilots for the public sector http://ec.europa.eu/digital-agenda/en/news/analysis-cloud-best-practicesand-pilots-public-sector

 OMG Cloud Standards Customer Council materjalid

http://www.cloudstandardscustomercouncil.org/resourcehub.htm#assessing-cloud-performance-requirements

Pilvtöötluse standarditega seotud analüüse ja aruandeid (2)  ENISA aruanded 

Security & Resilience in Governmental Clouds http://www.enisa.europa.eu/activities/risk-management/emerging-andfuture-risk/deliverables/security-and-resilience-in-governmentalclouds/at_download/fullReport



Critical Cloud Computing http://www.enisa.europa.eu/activities/Resilience-and-CIIP/cloudcomputing/critical-cloud-computing/at_download/fullReport

 Cloud Service Level Agreement Standardisation Guidelines

https://www.huntonprivacyblog.com/2014/07/articles/europeancommission-issues-cloud-service-level-agreement-standardizationguidelines/  ITU-T aruanne Privacy in Cloud Computing, Technology Watch Report,

March 2012 http://www.itu.int/dms_pub/itu-t/oth/23/01/T23010000160001PDFE.pdf

EVS/TK4 osalemine ametlikus standardimises Täisliikmena  ISO/IEC JTC1/SC27 Infoturbe meetodid

 CEN IT valdkonna tehnilised komiteed

Vaatlejaliikmena  ISO/IEC JTC1 üldtase  JTC1 alamkomiteed  JTC1/SC2 Kooditabelid  JTC1/ SC7 Tarkvaratehnika  JTC1/SC17 ID-kaardid  ISO TC211 Geoinformaatika

Eesti peaks astuma SC38 liikmeks

Standardeid EVS/TK4 2015 a töökavasse

 Ettepanek võtta tõlkemeetodil üle Eesti

standardiks 

ISO/IEC 17788:2014 Cloud Computing Overview and Vocabulary



ISO/IEC 17789:2014 Cloud Computing Reference Architecture

Kuidas standarditega edasi?

Smart city as set of Internets

Allikas: www.thepowerofplace.biz/wp-content/uploads/2013/06/smart-city.jpg

Suur t채nu platvormi eest! Eesti k천ige pilveteadlikumaks riigiks!