When cloud services are running smoothly and the service level agreements (SLAs) are in place, businesses, enterprises, and agencies may want to transfer cloud-stored data to a different provider (for example, IBM® SmartCloud), but discover they can't for several reasons. One that comes to mind occurs when the API calls that were used to store the data in a cloud require the data to be in a format that is not compatible or interoperable with the data format required by API calls that a different provider uses to store the data in the cloud.
The business is then faced with a data transfer failure caused by a failure to compare data storage formats employed by different providers before it selected a provider to host a cloud service. (One potential way to ameliorate the damages is to negotiate with the provider to allow more flexibility in transferring data to a different provider. This includes changing code to the provider's cloud service API calls.)
Cloud customers deserve more than just interoperable APIs; they need cloud service standards to ensure interoperability for all the cloud delivery models:
- Infrastructure as a Service: Virtual machines that work for the IaaS hosted by one provider to be compatible with the virtual machines that work for IaaS hosted by another provider.
- Platform as a Service: Platforms that work on one IaaS to be compatible with any PaaS that works on another IaaS.
- Software as a Service: Applications developed on a PaaS to work on a compatible PaaS.
To help you get started in making these determinations, this article provides a list of interoperability standards expectations a provider or consumer of cloud services should expect. Then it dives deeper into the organizations that are carving out standards on the various aspects of cloud services so that you can visit the appropriate ones for your needs and use their resources as interoperability tools. You may even want to get involved in the communities surrounding them and contribute to the evolution of the standards.
Cloud service customer expectations
A cloud customer (consumer or provider of applications, platform, or infrastructure services) should be able to expect reasonable interoperability in the following areas:
- Delivery model interoperability: Especially IaaS-to-IaaS and PaaS-to-PaaS.
- Cloud-based interfacing and interactions: For example, interaction between cloud and non-cloud systems.
- Service-oriented architectures and other web services: Support for interoperability between cloud systems and SOA reference architectures, infrastructure frameworks, and integration models.
- Enterprise IT management systems: Standards to keep disparate IT products acting like they are one happy family.
- Storage: Systems that manage the archiving and access for data; this can be a critical function since some of this data can be a resource that enables the function of a cloud application.
- Security: Interoperability with protocols and utilities that manage such cloud security issues like message queuing, identity and authentication, and infrastructure topology and application orchestration configurations.
- Transitioning: The tools an organization uses to transition applications (or even the entire IT environment) to the cloud should be standards-based too.
- A user-oriented arbiter: If a very large organization that is theoretically controlled by its users (federal governments, for instance) were to establish cloud interoperability standards, it would ease the "pain" some cloud product manufacturers feel when engineering (re-engineering?) their products for interoperability knowing that a large chunk of the market is mandated to accept a standard.
Interoperability is most easily established by the creation, adoption, and refinement of standards.
Cloud service standards organizations
In an attempt to close the gaps in cloud service standards, a variety of organizations have sprung up to push for standardization or publish standards (approved or draft). They are structured to meet customer expectations on:
- Vendor-agnostic cloud service standards as the organization's main focus.
- Working groups on cloud computing within standard industry organizations.
- Cloud service standards by standard information technology organizations.
Organizations that offer best practices of standard terminology and values for SLA are meeting customer expectations to push for SLA management standardization. They are more or less advocates for the customers and providers.
- Organizations focusing on open cloud service standards are the OpenStack Foundation, Open Grid Forum, and The Open Group.
- Standard industry organizations that have established working groups on cloud computing are the Distributed Management Task Force (DMTF) and the Storage Network Institute Association (SNIA). DMTF's Cloud Management Workgroup and SNIA's Cloud Storage Technical Work Group specify standard interfaces to cloud computing.
- Standard information technology organizations that offer approved or working cloud computing standards are the National Institute of Science and Technology (NIST) and OASIS (Organization for the Advancement of Structured Information Standards). NIST published the de facto cloud computing definition; OASIS is advancing cloud computing standard drafts.
- User advocacy organizations that offer best practices on SLA management are the TM Forum and the Cloud Service Customer Council.
Standard terminology and values for SLA are emerging but as of the writing of this article, do not exist.
Let's look at some of those organizations and the tools they offer in depth.
OpenStack Foundation: Get one IaaS to talk to another
Prospective and current cloud service customers expect an open cloud service standard to allow one IaaS to fully interoperate with another IaaS hosted by another provider. OpenStack Foundation has taken proactive steps to meet their expectations.
Let's take a little more closer look at what OpenStack Foundation is about and what they are doing to standardize the IaaS.
OpenStack Foundation oversees OpenStack, an IaaS cloud computing project that integrates code from NASA's Nebula platform with Rackspace's platform. Developers and cloud computing technologists collaborate globally to produce open source cloud computing platform for public and private clouds. Code changes to this project are contributed by members of the OpenStack Foundation that was spun off in 2011 from Rackspace. In April 2012, IBM and Red Hat agreed to join the foundation as platinum members, meaning they will contribute $500,000 a year for the next three years. The companies will contribute software code changes. Other companies planning to sign on or already have planned to sign on as platinum members include AT&T, Canonical, HP, Nebula, Rackspace, and SUSE .
OpenStack has a modular architecture that includes three components as part of the effort to standardize the IaaS. Each is given a code name.
- Compute (Nova): Provides open source software and standards for large-scale deployments of automatically provisioned virtual compute instances.
- Object Storage (Swift): Provides open source software and standards for large-scale, redundant storage of static objects.
- Image Service (Glance): Provides discovery, registration, and delivery services for virtual disk images.
- Open Stack Identity Management (Keystone): Provides unified authentication across all OpenStack projects and integrates with existing authentication systems.
- User Interface Dashboard (Horizon): Enables administrators and users to access and provision cloud-based resources through a self-service portal.
Open Grid Forum: Cloud interfacing and interaction
Cloud service customers expect open cloud computing interfaces. Open Grid Forum (OGF) has met their expectations by publishing a cloud interface standard.
The OGF is a standards development organization operating in the areas of grid, cloud, and related forms of advanced distributed computing. It taken proactive actions by approving and publishing the Open Cloud Computing Interface (OCCI) standard that provides specifications of cloud-based interactions. This interface has been used to solve a broad variety of problems in cloud computing such as scientific data processing, drug discovery, cancer research, financial risk analysis, visualization and product design.
The OCCI provides a protocol and API design components for all kinds of cloud management tasks. The work was originally initiated to create a remote management API for IaaS-based service. The current release of the OCCI is suitable to serve the PaaS and SaaS models, as well.
Note that grid computing requires the use of software that can divide and farm out pieces of a program as one large system image to several thousand computers. One concern about grid is that if one piece of the software on a node fails, other pieces on other nodes may fail. The proactive action to take is to ensure all pieces of the software can failover from one node to another.
Open Group: Standardize IaaS to support SOA
Cloud service customers expect an IaaS to support services-oriented architectures (SOA). The Open Group is another organization with an effort to standardize IaaS. The Open Group published three standards to help organizations that are building IaaS offerings and service oriented architectures (SOA). They are:
- Service Oriented Cloud Computing Infrastructure Framework (SOCCI)
- Service Oriented Architecture Reference Architecture (SOA RA)
- Open Group Service Integration Maturity Model (OSIMM)
The SOCCI provides building blocks for infrastructures to support SOA and cloud initiatives. IBM's role was to co-chair this project. The other chairman was HP.
The SOA RA provides a blueprint for creating and evaluating SOA offerings on the IaaS. IBM's role was to provide significant inputs in the 200-page guide on this standard.
The OSIMM provides a framework for assessing the SOA maturity level of an organization. IBM has its own version of maturity model: IBM Service Integration Maturity Model.
Remember, not all IaaS implementations are used to support SOAs.
Distributed Management Task Force: From incubator to working group
Cloud service customers expect open computing standards from working groups within the industry organization, such as the DMTF. This organization develops, maintains, and promotes standards for systems management in enterprise IT environments. DMTF helps enable systems management interoperability between IT products from different manufacturers or companies.
DMTF's Open Cloud Standards Incubator focuses on standardizing interactions between cloud environments by developing cloud management use cases, architectures, and interactions. This work was completed in July 2010. DMTF's cloud standards development work is now being handled by the Cloud Management Workgroup (CMWG) and the Cloud Auditing Data Federation Workgroup (CADF WG).
The CMWG develops specifications to allow interoperability management of clouds between service provider requesters, developers and providers. It publishes The Cloud Infrastructure Management Interface (CIMI) as a Work-In-Progress Draft that defines a model for managing resources within the IaaS. It can be used to create a new virtual machine, add a volume to the machine, and define machine templates via a cloud entry point.
The CADF WG develops open standards for federating cloud audit information to help cloud provider to produce and share specific audit event, log, and report information. These reports and logs include information needed to classify and tag events based on compliance control domains and frameworks (such as ISO 27002, PCI DSS, COBIT, etc.).
Storage Network Industry Association: The evermore critical cloud storage standard
Cloud service customers expect technical work groups on cloud computing interface standards on cloud storage. One example is the nonprofit Storage Network Industry Association. Since 1997, this organization has been involved with storage standards. In an effort to develop system standards for cloud storage, SNIA proactively created The Cloud Storage Technical Work Group (TWG). The good news is that it published the Cloud Data Management Interface (CDMI) standard and extensions to this standard.
The standard interface spells out how applications will use to create, retrieve, update and delete data elements from the cloud that each service provider would offer in APIs. This interface helps the client find out what the cloud storage capabilities are, manage containers and the data that is placed in them, and set metadata on containers and their contained data elements.
The administrative and management applications can use the interface to manage containers, accounts, security access, billing information, and storage that is accessible by other protocols.
The Cloud Storage TWG is publishing individual extensions to the CDMI standard to add new functionality before the next release of CDMI (after interoperable implementations have been successfully tested).
The TWG provides documentations on system-level requirements and attempts to share these with other cloud storage standards organizations in cooperation with the SNIA Strategic Alliances committee.
Organization for the Advancement of Structured Information Standards: Advancing cloud security standards
Cloud service customers expect open security standards for information technology, including for cloud computing. Examples include those standards advanced by the Organization for the Advancement of Structured Information (OASIS). OASIS has established three Technical Committees (TC) to prepare drafts of cloud security standards. They are:
- Advanced Message Queuing Protocol (AMQP)
- Identity in the Cloud (IDCloud)
- Topology and Orchestration Specification for Cloud Applications (TOSCA)
The AMQP TC advances a protocol to help organizations lower the cost of enterprise middleware software integrations through open interoperability. With this protocol, the organizations can transport more easily and more securely between applications, such as IBM WebSphere® MQ (MQ Series), among organizations, across distributed cloud computing environments, and within mobile infrastructures.
The IDCloud TC addresses the security challenges posed by identity management in cloud computing. The TC determines the need for achieving interoperability within current identity standards. It performs risk and threat analyses on collected use cases and produces guidelines for mitigating vulnerabilities. IBM is a member of this committee.
The TOSCA TC aims to increase service and application portability by enabling portable deployment to any compliant cloud, smoother migration of existing applications to the cloud, flexible bursting (consumer choice), and dynamic, multi-cloud provider applications. Portability is accomplished by enabling the interoperability of infrastructure cloud services, relationships between parts of the service, and behavior of these services (for example, deploy, patch, shutdown).
TM Forum: Best practice SLAs for multiple partners
Cloud service customers and providers expect standard terminologies and values for SLA regarding service quality, priorities, and responsibilities. TM Forum's Cloud & New Services Initiative is focusing on leveraging best practices (for topics such as service level agreement management) and standards (Frameworx) to further enable the cloud marketplace. TM emphasizes standards as an enabler of an open marketplace.
TM Forum defines SLAs as expectations among two or more parties regarding service quality, priorities, and responsibilities. While SLAs have traditionally been a contract between a service provider and an enterprise customer, the expanding value chain for new-generation services has made SLAs important for a myriad of partnerships, including:
- Service Provider to Cloud End User
- Service Provider to Vendor
- Service Provider to Enterprise
- Enterprise to End User
- Service Provider to Enterprise
- Network Provider to Service Provider (a network access provider)
- Vendor to Network Provider, Service Provider, or Enterprise
- Content Provider to Content Aggregator or Advertiser
To compete successfully, companies must proactively manage the quality of their services. Since provisioning of those services is dependent on multiple partners, management of partner services SLAs become critical for success. SLAs are used to define and manage expectations among partners for performance, customer care, billing, service provisioning, and other business areas.
SLA management can also be used to assess predefined penalties when SLA parameters, such as failure to meet performance, timeline, or cost requirements, are not met. For example, if cloud computing downtime exceeds one hour, the penalty is a 10 percent rebate of service fees.
TMForum offers the Frameworx suite of standards to help service providers to assess and improve performance by using a service-oriented approach to operations and integration. They include Business Process Framework (eTOM), Information Framework (SID), Application Framework (TAM), Integration Framework and Business Metrics.
Cloud Service Customer Council: Emerging standard terminology for SLA
The Cloud Standards Customer Council (CSCC) is an OMG® end user advocacy group dedicated to accelerating cloud's successful adoption. It is not a standards organization, but complements existing cloud standards efforts. Open to all end-users organization, its founding sponsors are IBM, Kaavo, Rackspace and Software AG.
The Council focuses on the standards, security and interoperability issues surrounding the transition to the cloud. In particular, it is an advocate for standard terminology and values for cloud SLA. The cloud service SLA standard does not exist.
The Council views cloud SLAs as written expectations for service between cloud consumers and providers. It provides guidance to decision makers on what to expect and what to be aware of as they evaluate and compare end-user SLAs from cloud computing providers. The decision makers should also evaluate the SLAs that a cloud computing provider has with vendors, enterprise data centers, network providers, content providers, and others.
National Institute of Standards and Technology: De facto federal standard
Some cloud service customers expect de facto federal standards of a cloud computing definition. This standard definition as provided by the National Institute Standard and Technology (NIST) appears to be aimed in most cases toward government agencies which turn to the cloud in order to provide more efficient services to end users.
On September 2011, the NIST published the Definition of Cloud Computing in which cloud computing is defined as:
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (network, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. NIST lists five essential characteristics of cloud computing:
- On-demand self-service
- Broad network access
- Resource pooling
- Rapid elasticity or expansion
- Measured service
NIST lists three service models: Software, Platform, and Infrastructure. It divides deployment models into four component areas: Private, Community, Public, and Hybrid.
On December 2011, NIST published Guidelines on Security and Privacy in Public Cloud Computing. On May 2012, NIST issued a draft copy of Cloud Computing Synopsis and Recommendations to describe the strengths and weaknesses of cloud computing.
What lies ahead for cloud standards?
We should keep in mind what the SaaS, PaaS, and IaaS customers expect from standard and user advocacy organizations when comparing providers. IaaS is not expected to be fully standardized for a few years. While best practices on SLA management have been offered to help decisions what to expect and what to be aware of when comparing SLAs, cloud computing standards and values for SLA are still emerging.
One direction to take would be to build a team of developers, managers, and business analysts — in other words, real-world experts — that would make it easier for standards bodies to help determine:
- What the gaps in cloud service standards are.
- How much we can close these gaps.
- How we can evolve SLA best practices into SLA standards.
Resources on topics from this article:
- Learn about new components for the OpenStack project
- A recent article on OpenStack and networking
- Learn more about information technology at OASIS
- Get more information about Distributed Management Task Force standards
- See what standards are available at Storage Network Technology Association.
- Explore TM Forum's best practices on the SLA
- Read Cloud Service Customer Council's Practical Guide to Cloud Service Level Agreements
- Look at summaries of cloud standards
The author has a number of article on building specific cloud policies (sort of her
"standards" on IT policy creation):
- Craft security policy for mobile devices
- Balance workload in a cloud environment: Use threshold policies to dynamically balance workload demands
- Cloud computing versus grid computing: Service types, similarities and differences, and things to consider
- Build proactive threshold policies on the cloud
- Cloud services: Mitigate risks, maintain availability
- Craft a cloud performance metrics policy
- In the developerWorks cloud developer resources, discover and share knowledge and experience of application and services developers building their projects for cloud deployment.
- Find out how to access IBM SmartCloud Enterprise.
Get products and technologies
- See the product images available for IBM SmartCloud Enterprise.
- Join a cloud computing group on developerWorks.
- Read all the great cloud blogs on developerWorks.
- Join the developerWorks community, a professional network and unified set of community tools for connecting, sharing, and collaborating.
Dig deeper into Cloud computing on developerWorks
Get samples, articles, product docs, and community resources to help build, deploy, and manage your cloud apps.
Complete cloud software, infrastructure, and platform knowledge.
Software development in the cloud. Register today to create a project.
Deploy public cloud instances in as few as 5 minutes. Try the SoftLayer public cloud instance for one month.