Cloud standards: Tools to ensure cloud application interoperability
Standards organizations not only make standards, they build interoperability tools
About two years ago, IBM Software Standards and Cloud Labs Vice President Angel Diaz presented a look at the future of cloud computing:
By changing how business and society run, cloud computing is opening up
huge avenues of innovation. Developers are now combining systems of
record with systems of engagement, and a new style of cloud-based
application is emerging: systems of interaction. For these
applications to be sustainable, cloud computing needs to be built on
open source and open standards.
(Visit the article, video, or blog post.)
The reasons to adopt standards in cloud computing closely match the same logic that made the universal usability of the Internet a reality: The more accessible data is, the more interoperable software and platforms are, the more standardized the operating protocols are, the easier it will be to use and the more people with use it -- and the cheaper it will be to implement, operate, and maintain.
Systems and software designers see this logic in action when they create a cloud platform and don't have to worry about figuring out how to make it work with a dozen or so network protocols. Cloud application developers feel the power of standards when they build an application using a framework that guarantees almost 100 percent success in such areas as data access, resource allocation, debugging, failover mechanisms, user interface reconfiguration, and error, data, and exception handling... not to mention the shouts of joy when a developer realizes that a favored toolkit can integrate into a favored development platform, sometimes with only the push of a button.
For cloud developers and designers, standards are a powerful addition to their toolbox that allows them to spend more time creating fascinating new apps engineered with elegant code, and less time working out compatibility issues.
IBM and cloud open standards
IBM is deeply involved in the movement to develop cloud standards, advocating open cloud architecture and emphasizing the importance of building standards that support systems interoperability. To move toward a more standards-based, open cloud ecosystem, IBM has initiated several bold changes over the past few years:
- It based its open cloud services on the open source OpenStack cloud operating system.
- Many of IBM's cloud management products now incorporate OpenStack, including IBM's Smart Cloud Orchestrator and IBM Cloud Manager with OpenStack.
- The company implemented the Bluemix PaaS platform, based on Cloud Foundry, to help developers quickly build web and mobile applications while integrating multiple languages, frameworks, and services as needed.
- IBM integrated Docker containers to use with Bluemix; this simplifies the development and administration of distributed apps since you can build an app with any language and toolchain, then ship it safely for use on virtually any device. And it can scale to thousands of nodes.
- The company has dedicated a number of programmers to open source projects each year.
- Software-defined networking, providing an abstraction layer API for managing the network, has become a star strategy for IBM technologies; so has open source deployment automation with the tools of your choice (like Puppet or Juju or Chef). OAuth has become a key security technology for the integration of REST APIs into the enterprise.
- To prove that global standards are vital to cloud computing, IBM supports and actively participates in multiple cloud standards organizations, including the OpenStack Foundation, CSCC, OASIS, and W3C, to name just a few.
Standards that help development
Let's catch up on cloud standards that designers and developers can use in 2015 to help make software design simpler, cheaper, and faster.
CSCC is an end-user advocacy group that seeks to "accelerate cloud's successful adoption" as a means to strengthen 21st century enterprises. It is not really a standards organization but a facilitator; it works with existing standards groups to ensure that client requirements are addressed as standards evolve. This group understands that the transition from a traditional IT environment to a cloud-based environment can require significant changes, so it attempts to guarantee that this transition won't cost end-users the choice and flexibility they enjoy with their current IT environments.
Another role of the CSCC is to advocate for the establishment of open, transparent standards for cloud computing; the council believes that the agility and economic efficiencies cloud offers are only possible if the performance, security, and interoperability issues that arise during the transition to the cloud are answered in an open, transparent way.
DMTF is an association of industry IT companies and professionals collaborating on and promoting enterprise systems management and interoperability standards with a goal of providing "common management infrastructure components for instrumentation, control, and communication in a platform-independent and technology-neutral way."
The DMTF sports several areas of focus.
Open Virtualization Format (OVF)
The OVF standard, adopted as ISO 17203 by the International Organization for Standardization (ISO), creates uniform formatting for virtual systems-based software. OVF is platform independent, flexible, and open, and can be used by anyone who needs a standardized package for creating a virtual software solution that requires interoperability and portability. OVF simplifies management standards using the Common Information Model (CIM) to standardize management information formats; this reduces design and development overhead by allowing for quicker and more cost-effective implementation of new software solutions.
Open Cloud Standards Incubator working group
The Open Cloud Standards Incubator working group's goal is to facilitate management interoperability between in-enterprise private clouds and public and hybrid clouds. The components — cloud resource management protocols, packaging formats, and security mechanisms—address the increasing need for open, consistent cloud management architecture standards.
Cloud Management Working Group (CMWG)
CMWG uses the Cloud Infrastructure Management Interface (CIMI) to visually represent the total lifecycle of a cloud service so that you can enhance the implementation and management of that service and make sure it is meeting service requirements. This group can explain how to model the characteristics of an operation, allowing variation of your implementation to be tested prior to final development; it does this with CIM, which creates data classes with well-defined associations and characteristics, as well as a conceptual framework for organizing these components. CIM uses discrete layers: core model, common model, and extension representations.
Cloud Auditing Data Federation Working Group (CADF)
CADF works to standardize "audit events across all cloud and service providers" with the goal of resolving significant issues in cloud computing due to inconsistencies or incompatibilities. It seeks to ensure consumers of cloud computing systems that the security policies required on their applications are properly managed and enforced. The CADF Working Group develops the DMTF's CADF standard, a model programmers, managers, and users can employ to self-audit application security. An audit event model will eventually support the ability to submit and retrieve audit event data through reports.
For developers and designers tasked with creating and enhancing cloud enterprise systems management (and who isn't in any project?), these working groups, formats, and components are like a mini-toolbox.
ETSI is an organization that produces internationally-applicable standards in information and communications technology to improve systems interoperability, efficiencies, and economies through shared knowledge and expertise.
ETSI Technical Committee Cloud
ETSI Technical Committee Cloud examines issues arising from the convergence of IT and telecommunications. With cloud computing requiring connectivity to extend beyond the local network, cloud network scalability has become dependent on the ability of the telecom industry to handle rapid increases in data transfer; it also works on issues related to interoperability and security.
Cloud Standards Coordination (CSC)
The CSC initiative is responsible for developing a detailed set of standards required to support European Commission policy objectives that address security, interoperability, data portability, and reversibility.
GICTF is an organization promoting the standardization of network protocols and interfaces in an effort to create a more reliable cloud services network that solves the problems of security, data quality, system responsiveness, and reliability. This group looks at the cloud ecosphere from the perspective of leased IT and cloud architecture; its operating approach is to assume that the rapidly growing and leased nature of cloud systems may contribute to non-compatible and unstable cloud networks.
International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC)
ISO is a well-known, 70-year old, independent, non-governmental membership organization made up of 163 member countries. It is the world's largest developer of voluntary international technology standards. The IEC is more than 100 years old and is the leading force behind international standards for all technologies involving the electrical, electronic, and related fields.
Together, these two groups have built JTC 1, a development environment through which international standards for business and consumer applications are created. Working through JTC 1, technology experts build core infrastructure technologies and integrate complex and varied existing technologies. Sub Committee 38 of JTC 1 is concerned with distributed application platforms and services (that is, web services, service-oriented architectures, and cloud). Standards to come out of this group in recent years include Cloud Computing Service Level Agreements (CCSLA), Cloud Computing Interoperability and Portability (CCIP), Cloud Computing Data and its Flow (CCDF), and Cloud Data Management Interface (CDMI).
ITU is a specialized agency of the United Nations focusing on developing technical standards to ensure network interoperability and working to improve access in underserved communities. ITU Study Group 13 focuses on next-generation networks (NGN), including mobile technologies and cloud computing, especially as they relate to the ongoing international change from circuit to packet-based networks. Study Group 13 is also interested in developing technologies with reduced energy consumption.
A sub-group of Study Group 13 is the Joint Coordination Activity on Cloud Computing (JCA-Cloud). This group coordinates cloud computing standardization work within the ITU and with other organizations.
NIST is part of the U.S. Department of Commerce and it works to advance measurement science, standards, and technologies. NIST defines cloud computing for government and industry. It outlines cloud as follows:
- Five essential characteristics:
- On-demand self service
- Broad network access
- Resource pooling
- Rapid elasticity
- Measured service
- Three service models:
- Cloud Software as a Service (SaaS)
- Cloud Platform as a Service (PaaS)
- Cloud Infrastructure as a Service (IaaS)
- Four deployment models:
- Private cloud
- Community cloud
- Public cloud
- Hybrid cloud
NIST promotes systems standardization for security, interoperability, and streamlined connectivity. It does so through its Standards Acceleration to Jumpstart Adoption of Cloud Computing (SAJACC), a program that drives the creation and adoption of cloud computing standards by providing key use cases that show how specific applications can be successfully supported on the cloud.
OGF is an international group of IT professionals working through open forums and events to push for the rapid development and deployment of advanced applied distributed computing environments such as cloud, grid, and allied storage and network methods. OGF focuses on scalable enterprise solutions as well as supporting applications for research and science. The OCCI specification, a "RESTful protocol and API for all kinds of management tasks," is available through OGF. OCCI includes various general-purpose implementations and tools focused on integration, portability, interoperability, and autonomic scaling and monitoring.
OMG is an international technology standards consortium that originally targeted standardizing distributed object-oriented systems, but now focuses on modeling programs, systems, and business processes and creating model-based standards. It provides only specifications, not implementations (but any group attempting to get a spec accepted by OMG must provide a working implementation within one year after acceptance). OMG is part of the CSCC (the first group in this list).
OMG's Unified Modeling Language™ (UML) is the basis for modeling application structure, data structure, business process, and architecture. When used with UML's Meta Object Facility (MOF™) and Model-Driven Architecture®, the entire development process is unified which helps reduce cloud portability, interoperability, and reuse issues.
Some of OMG's recent hot topics have included software-defined networking and the industrial version of the Internet of Things.
OCC is an organization of universities, companies, and government labs and agencies that supports medical, health care, scientific, and environmental research by managing and operating cloud computing infrastructure. The OCC also develops benchmarks and standards to improve cloud computing, including the MalStone Benchmark which is designed to measure the performance of cloud computing middleware when mining data in data-intensive settings.
OASIS is a consortium that represents members in more than 65 countries and promotes multiple cloud protocols and standards:
- OASIS Cloud Application Management for Platforms (CAMP) for cloud interoperability
- OASIS Identity in the Cloud (IDCLOUD) for identity management security challenges
- OASIS Symptoms Automation Framework (SAF) is a catalog-based XML knowledge framework designed to make it easy to use knowledge across domains
- OASIS Topology and Orchestration Specification for Cloud Application (TOSCA) focuses on enhancing the portability of cloud applications and services
- OASIS Cloud Authorization (CloudAuthZ) enables contextual attributes and entitlements sets to be delivered to policy enforcement points in real time (cloud policy management)
- OASIS Public Administration Cloud Requirements (PACR) is a set of public-administration-specific attributes and operational requirements that are necessary in cloud computing services
SNIA is a global group focusing on developing standards and technologies for managing information and storage. Its CDMI is a functional interface that applications can use to manage data elements in the cloud. Management and administrative personnel can also use the interface to manage data, security access, and storage availability.
The Open Group's mission is to enhance business success through IT. It trumpets standards as a way to reduce costs and achieve the primary goal. Its Cloud Computing Group works to educate its members (and others) on how enterprises of all sizes can take advantage of the cost, scalability, and agility benefits of a cloud supported by standards.
As a division of the National Retail Federation, ARTS seeks to reduce the cost of technology through the implementation of standards; as a tool to meet that goal, it has developed the ARTS Data Model, now a standard in the retail industry. Software developers can use the ARTS Data Model as a base for their applications, allowing them to focus more resources on the development of unique user interfaces.
TM Forum is a global trade association that works to promote the concept of IT as a Service through its Cloud Forum. The group provides research, benchmarks, and roadmaps for the industry technology, as well as best-practice guidebooks, software standards-based interfaces, and training, conferences, and publications.
From the startup to the established, the government to the enterprise to the scientific, cloud continues to change how our world operates. Systems of record combine with systems of engagement to emerge as a new thing, a system of interaction. But for this pace of innovation to continue, cloud computing must be built on open source standards.
Open source and open standards make it easy for designers and developers to share knowledge quickly, and this knowledge is the key to lowering operating costs when you design, program, and implement a cloud application of system.
Use these standards and the specifications organizations create just as you would the actual tools you build your applications and systems with. They put the knowledge of thousands of programmers working on thousands of projects right at your fingertips.
- Cloud Standards Customer Council (CSCC)
- Distributed Management Task Force (DMTF)
- European Telecommunications Standards Institute (ETSI)
- Global Inter-Cloud Technology Forum (GICTF)
- International Organization for Standardization (ISO)
- International Electrotechnical Commission (IEC)
- International Telecommunications Union (ITU)
- National Institute of Standards and Technology (NIST)
- Open Grid Forum (OGF)
- Open Cloud Computing Interface (OCCI)
- Object Management Group (OMG)
- Open Cloud Consortium (OCC)
- Organization for the Advancement of Structured Information Standards (OASIS)
- Storage Networking Industry Association (SNIA)
- Cloud Data Management Interface (CDMI)
- The Open Group
- Association for Retail Technology Standards (ARTS)
- TM Forum