January 29, 2015 | Written by: Heather Kreger
Share this post:
Cloud computing is an exciting and rapidly developing marketplace. New cloud services and new ways of using them seem to arrive almost daily. What has been difficult for cloud service customers, however, is that there has been a confusing set of varying terminology applied to offerings from different providers. There’s been no consistent way of describing cloud services and their components.
Last year saw the publication of two significant international standards for cloud computing: Cloud Computing Overview and Vocabulary (ISO/IEC 17788) and Cloud Computing Reference Architecture (ISO/IEC 17789). The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) produced these standards together with the ITU Telecommunication Standardization Sector (ITU-T).
Why are these standards important to us all?
The telecom view and the IT view of cloud computing reflect different perspectives which yield differences in the cloud terminology and reference architecture standards under development. Given WTO requirements, governments and companies would need to be able to support both IT and telecom and use of these standards in regulation and purchasing.
Conflicting standards would mean that regulation would have to be written for each industry and mapping between the different terms and concepts would create confusion.
There have been previous vendor neutral papers and specifications that aimed to create a common understanding – notably the NIST reference architecture and work in progress from The Open Group. ISO/IEC and ITU-T separately started developing independent terminology and cloud reference architectures. Cloud computing spans the domains of both organizations, given that network access to services running on computers is fundamental to cloud computing.
Fortunately, ISO/IEC and ITU-T agreed to work together to develop common cloud foundational standards that can be used by IT, telecommunications, governments, and businesses to help with the purchase of cloud services and create regulations. This collaborative effort encompasses cloud services globally, reflecting input from experts in over 30 countries and 50 companies and involves running the processes for both de jure organizations.
Despite the technical diversity, the presence of good and fair leadership in both groups meant production of a common standard in the impressively short period of just over a year. IBM is very much at the heart of these efforts. Because of this work, we now have a single standard definition of “cloud service” as well as the categories of cloud services. Now, for regulations and contracts, there is clarity which covers both the IT and Telecom spaces as well as cloud service providers and cloud service customers.
So, how do the standards meet the challenge of clarity and consistency? How do they help you get a better grip of cloud computing?
The Overview and Vocabulary introduces the fundamental ideas of cloud computing in a straightforward fashion. The concept of the cloud service is at the core – offered by cloud service providers and used by cloud service customers. The characteristics of cloud services are described – scalability and elasticity, network access, on-demand provisioning and use.
The deployment models possible for cloud services are described – public versus private, for example. The various categories of cloud services are discussed, in terms of the capabilities which they offer the customer – infrastructure capabilities or application capabilities to mention two. Important concepts such as multi-tenancy are also described.
The Cloud Computing Reference Architecture (CCRA) builds on the ideas of cloud computing in the Vocabulary. It introduces a set of roles, for customers and providers. Roles are described in terms of the sets of activities that they perform – a cloud service user naturally uses the cloud service – a very straightforward example!
The reference architecture goes further by describing the logical components that are used by both the customer and the provider when using and providing cloud services. The components are used to perform the activities of the roles and the components also connect with each other to enable particular activities.
Figure 1 ISO CCRA architecture for selecting and purchasing a cloud service
As an example, in figure 1, the cloud service business manager has the task to select and purchase a cloud service. This task is performed through the use of the business capabilities component of the cloud service provider which includes access to things such as the product catalog and subscription management, which enable the business manager to view the provider’s cloud service offerings and their associated terms and conditions and to establish a subscription for a cloud service.
The importantence of cross-cutting aspects are described including security, availability, governance, resilience and interoperability – aspects that are key to any successful use of cloud services.
By these means, the CCRA gives a clear and unambiguous high level view of cloud computing that can be used by both customers and providers of cloud services to describe their resources – human and technical resources – and how they are organized in relation to cloud services. The Overview and Vocabulary and the CCRA also have a wider significance, they provide a sound basis for governments and regulators in their approach to cloud computing, laying solid foundations for building standards and specifications addressing more detailed areas of significance for cloud computing such as SLAs, Security and Interoperability.
What are International or formal standards? There are 3 formal “du jour” standards organizations recognized by the UN:
- ITU, which is responsible for telecommunications (including cell phones);
- ISO, which is responsible for a wide range of standards in including those covering software and systems;
- IEC, which is responsible for electrical and electronic technology standards.
ITU is a treaty organization and has special status to influence regulations and governments.
As the computer industry evolved, ISO and IEC found that they needed to agree on computing and communications standards, so they agreed to work together in a jointly governed group – Joint Technical Committee 1 (JTC 1). This is where most of formal standards for the IT industry are defined, including those for cloud computing.
In addition, there are many informal standards organizations (often called consortia, such as OASIS or IETF) that build standards used by telecom and IT, and some take their standards through the formal organizations to create international standards. WTO membership for governments requires that governments prefer de jure standards over consortia standards or national standards; therefore de jure standards may not be able to be ignored.