Cloud Computing Standardisationdocbox.etsi.org/Workshop/2011/201109_CLOUD/01_Tool... · developed in Cloud Computing? Application Service Catalog ITSM, ITIL, OCCI Management Business

Cloud Computing Standardisation Standardisation

Rainer ZimmermannEuropean Commission

Information Society and Media Directorate GeneralSoftware & Service Architectures and Infrastructures Unit

cloud: a definition

Cloud an elastic execution environment of resources involving multiple stakeholdersand providing a metered service at multiple

Sophie-Antipolis, 28-29 September 2011••• 2

and providing a metered service at multiple granularities for a specified level of quality(of service).

Source: Expert group on Cloud Computing, 2009

http://cordis.europa.eu/fp7/ict/ssai/docs/cloud-report-final.pdf

Cloud Computing

• What are the challenges ?


main cloud challenges

• Interoperability – lock-in risks– portability of data, security settings;

• Privacy & Liability– where is my data? whose law applies? who can access


– where is my data? whose law applies? who can access it?

• Governance, control – no control of licensing terms, SLA, use of legacy application

• Security, Dependability – data, outages

• ...

• Interoperability is essential for the cloud to be fair, open and competitive

interoperability


competitive

• Open specifications are a key in creating competitive and flourishing markets that deliver what customers need

data portability

• avoid lock-in

• customers and users fear to end


• customers and users fear to end locked-in with one provider

• can be a barrier to adoption

data protection

• Within the cloud, data may be hosted anywhere in the world, but needs to be protected against privacy intrusions and fraudulent use


fraudulent use

• Europe has been a leader in data protection since 1995 (with the Data Protection Directive)

• The European data protection regime is now under revision to ensure our fundamental rights and freedoms are well addressed in the digital era

legal framework - liability

• Cloud providers should protect European cloud customer’s data:– portability

– transparency


– transparency

– EU data protection standards

• European governments must have legal frameworks in place to guarantee data protection, privacy and liability in case something goes wrong

Cloud Computing

• What is Europe doing ?


European Cloud Strategy

• Vice President Neelie Kroes announced in Davos three axes for action:

• Legal Framework– Data protection, privacy laws,


– Data protection, privacy laws, user’s rights

• Technical & Commercial– Research & standardizationstandardization

• Market– Member states engagement, pilots, public procurement

Cloud Computing in the Digital Agenda

"Europe should also build its innovative advantage in key areas through reinforced infrastructures and […]


http://ec.europa.eu/information_society/digital-agenda/

reinforced infrastructures and […] should develop an EU-wide strategy on

'cloud computing' notably for government and science. […]

The strategy should consider economic, legal and institutional aspects.“

other steps

• May 23rd - Major stakeholders meeting– a consultation meeting with high level industrial representatives

– output• a draft policy paper• recommendations to EC and industry


• recommendations to EC and industry

– next preparatory meeting in October 2011

• Public web consultation, closed on August 31– more than 500 replies– some early findings BUT– full analysis still on-going

• International front– Discussion of cloud issues in the Trans-Atlantic Economic Council (TEC), G8, WEF, and other international fora

– EU-US INFSO dialogue: • July 1st a consultation meeting on certain cloud issues• next meeting is planned for October 2011

• European initiatives relevant to technology standardisation should

–endorse technology neutrality

consultation of major industries –

recommendations to EC


–endorse technology neutrality

–avoid to mandate standards or preferences too early

– foster the creation of EU-wide harmonized and globally interoperable rules

• industry should be active on standardisation and in particular should

– consider a possible adaptation of existing IT certification regimes to the needs of cloud services

– deal with the necessary transparency, as regards to EU privacy rules, data handling and data storage

consultation of major industries –

recommendations to industry


– deal with the necessary transparency, as regards to EU privacy rules, data handling and data storage

– propose adaptation of existing rules to CC, and best practices for providers

– foster the creation of EU-wide harmonized and globally interoperable rules

– make a comprehensive inventory of existing and emerging Cloud standardisation and interoperability initiatives in order to identify necessary steps to ensure data portability and guidelines for ease of migration

web consultation quotes on standards for Clouds:

• Continuing innovation in cloud and virtualisation will mean that this space will remain dynamic for the foreseeable future. As such it may still be too early to mandate or recommend standards as opposed to advising on available standards.

• Le législateur pourrait donc veiller à la protection des droits des consommateurs par la mise à disposition des informations relatives aux modalités de conservation des données dans un format ouvert et

a CAREFUL a CAREFUL a CAREFUL a CAREFUL discussion and discussion and discussion and discussion and

adoption adoption adoption adoption


modalités de conservation des données dans un format ouvert et interopérable

• The use of non-proprietary data formats and open APIs is critical for cloud computing interoperability. The EU should avoid technology mandates of any standard. Instead, the appropriate role would be to call for open interfaces and standards, wherever and whenever they are available.

• […] many other standards bodies and industry fora are working to adapt and develop standards for the cloud, […] . However, government, industry and any other stakeholders must be careful to avoid picking winners.

adoption adoption adoption adoption process is process is process is process is strongly strongly strongly strongly

recommendedrecommendedrecommendedrecommended

FI-WARE: the PPP platform provides cloud hosting

WA

RE

pre

sen

tati

on

, 2n

d E

uro

pe

an

Su

mm

it o

n t

he

Fu

ture

7

Ju

ne

20

11


fro

m F

I-W

AR

E p

rese

nta

tio

n, 2

nd

Eu

rop

ea

n S

um

mit

on

th

e F

utu

re

Inte

rne

t, L

uxe

mb

ou

rg, 6

-7 J

un

e 2

01

1

Cloud standardisation: the issues

• standardisation is highly complex• the supply side is not interested

– too early: players prefer to gain market share

• the demand side is hesitant – current solutions could result in lock in situations


– current solutions could result in lock in situations

• large number of involved parties– technology providers, solution integrators, governments, user groups, etc.

• regulatory requirements to comply with• several standardisation bodies and fora with heavy non-European participation

there is a real need to develop

Cloud Computing

• what are the standards in the game?


standards at which level?


from NIST, ttp://www.nist.gov/itl/cloud/upload/nist_cloud_computing_forum-badger_grance.pdf

Which type of standards need to be developed in Cloud Computing?

Application

Service Catalog

ManagementITSM, ITIL, OCCI Business Service SLA ???

S-RAMP Service DiscoveryService Catalog ???

Vendor Application APIsGoogle, Amazon, Salesforce.com ..

gap

fro

m C

ap

Ge

min

i p

rese

nta

tio

n, D

igit

al

Ag

en

da

, WS

18

, Bru

sse

ls 1

7.6

.20

11Examples:


Storage

Application

Compute

Identity

Syntax

Encryption

OVF Virtual Container

Advance Data , TransportEncryption e.g.AES, VPN, SSL

XML, HTTP, REST, Web Services..

At Rest , In transit, OpenID, OpenAuth, SAML,

OCCI Open Cloud Computing Interface OGA API

CDMI Cloud Data ManagementInterface - SNIA

OCI Open Cloud Interface

gap

fro

m C

ap

Ge

min

i p

rese

nta

tio

n, D

igit

al

Ag

en

da

, WS

18

, Bru

sse

ls 1

7.6

.20

11


from the presentation of the WG “Interoperability, Data Portability and Reversibility”, Brussels 23.5.2011

A (partial) list of involved SDO


from the SIENA initiative web site, http://www.sienainitiative.eu/StaticPage/Sdo.aspx

A (partial) list of involved SDO - 2


from the SIENA initiative web site, http://www.sienainitiative.eu/StaticPage/Sdo.aspx

Standards roadmap

• SIENA – FP7 support action ending in May 2012

– main output: roadmap on “Grids and Clouds for


– main output: roadmap on “Grids and Clouds for Research and for Public Services”

• and after? and for industry?

Cloud Computing Standards

• what could be next?


from chaos …


… and the ETSI role… to structure …

this meeting should be the starting point for ETSI to map the landscape in standardisation and help


standardisation and help us work out the interest of the Union, its industries

and its citizens.

in practical terms

• Taking into account–European legislative context

– roadmaps input


– roadmaps input

– industrial needs

– citizens/societal needs

–SDOs roles and input

– international dialogue and harmonisation

the desired output

internationally agreed

solid and

small set of

national std

small set of EU std

for specific


solid and mature criteria or

standards for Cloud Computing

std

for specific needs

specific fields like privacy

Further Information

Sites to drill further:

• http://cordis.europa.eu/software-services -Software & Service Architectures and Infrastructures

http://www.future-internet.eu –European Future


• http://www.future-internet.eu –European Future Internet portal

• http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=cloudcomputing&lang=en –Cloud consultation

Mail to: [email protected]

Documents

Cloud Computing Standardisationdocbox.etsi.org/Workshop/2011/201109_CLOUD/01_Tool... · developed in Cloud Computing? Application Service Catalog ITSM, ITIL, OCCI Management Business