Interconnected computing clouds: Difference between revisions
imported>Howard C. Berkowitz (New page: =====Linking IaaS===== NIST observes there is a need for standards, starting with IaaS, where many interfaces are proprietary but there is potential for openness:<ref>Mell and Grace, Octob...) |
imported>Howard C. Berkowitz No edit summary |
||
Line 1: | Line 1: | ||
== | {{TOC|right}} | ||
NIST | {{main|Cloud computing}} | ||
Given that [[cloud computing]] is an abstraction of services, '''interconnected computing clouds''', also called '''hybrid clouds''', are a logical progression, abstracting multiple clouds. | |||
As one moves up the abstraction hierarchy, from [[Infrastructure as a Service]] to [[Software as a Service]], the interfaces involve become increasingly application-specific. In the moderate term, cloud interconnection is likely to be vendor-driven, using proprietary interfaces. | |||
==Standards for interconnection== | |||
Peter Mell and Tim Grace Grace of [[NIST]] observe there is a need for standards, starting with IaaS, where many interfaces are proprietary but there is potential for openness:<ref name=NIST2009-10-07>{{citation | |||
| title = Effectively and Securely Using the Cloud Computing Paradigm | |||
| url = http://csrc.nist.gov/groups/SNS/cloud-computing/cloud-computing-v26.ppt | |||
| author = Peter Mell, Tim Grance | |||
| publisher = [[NIST]] Information Technology Laboratory | |||
| date = 7 October 2009}}, pp. 48-49</ref> | |||
*Virtual machine (VM) image distribution (e.g., [[Desktop Management Forum]] (DTMF) [[Open Virtualization Format]] (OVF) <ref name=DTMF-OVF>{{citation | *Virtual machine (VM) image distribution (e.g., [[Desktop Management Forum]] (DTMF) [[Open Virtualization Format]] (OVF) <ref name=DTMF-OVF>{{citation | ||
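Review bot: In the added "Standards for interconnection" paragraph, "Peter Mell and Tim Grace Grace" repeats a word and disagrees with the citation's own author field, "Peter Mell, Tim Grance"; the running text should read "Tim Grance". The added lead paragraph also has "the interfaces involve become", which should be "the interfaces involved become".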
Line 7: | Line 17: | ||
| year = 2007 | | year = 2007 | ||
| title = Open Virtualization Format Specification}}</ref> | | title = Open Virtualization Format Specification}}</ref> | ||
*VM provisioning and control (e.g., the proprietary API to [[Amazon Elastic Cloud | *VM provisioning and control (e.g., the proprietary API to [[Amazon Elastic Cloud Cloud]]) | ||
*Inter-cloud VM exchange; interfaces are lacking here | *Inter-cloud VM exchange; interfaces are lacking here | ||
*Persistent storage (e.g., Azure Storage, S3, EBS, GFS, Atmos) | *Persistent storage (e.g., Azure Storage, S3, EBS, GFS, Atmos) | ||
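Review bot: On the VM provisioning line, closing the wikilink produced "[[Amazon Elastic Cloud Cloud]]", which duplicates "Cloud". The service is Amazon Elastic Compute Cloud, so the link should read "[[Amazon Elastic Compute Cloud]]".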
Line 13: | Line 23: | ||
*Secure VM configuration, such as [[Security Content Automation Protocol]] (SCAP) | *Secure VM configuration, such as [[Security Content Automation Protocol]] (SCAP) | ||
VMware, the largest virtualization vendor, has offered its vCloud API to the [[Desktop Management Forum]], which they say is responsive to open standards. An industry analyst, Chris Wolf of the Burton Group, said that making the API available without the infrastructure is marketing, not interoperability.<ref name=NW2009-08-31VMWare | VMware, the largest virtualization vendor, has offered its vCloud API to the [[Desktop Management Forum]], which they say is responsive to open standards. An industry analyst, Chris Wolf of the Burton Group, said that making the API available without the infrastructure is marketing, not interoperability.<ref name=NW2009-08-31VMWare>{{citation | ||
=====Linking PaaS and SaaS | | title = VMware cloud initiative raises vendor lock-in issue | ||
| author = Jon Brodkin | |||
| journal = Network World | |||
| date = 31 August 2009}}, p. 1, 19</ref> | |||
==Linking PaaS and SaaS== | |||
IaaS interconnection conceptually is easier than interconnection at higher levels of abstraction, more likely to provide business-to-business rather than user-to-service functionality. SaaS linkage is sometimes called Enterprise Service Bus. Vendors in this space, such as Rearden Commerce and Ariba, are brokers between customers and service providers; Rearden's product is an automated personal assistant that goes to approved service providers. Ariba offers "spend management" SaaS. | |||
By their value-added nature, it is much harder to standardize interfaces at the higher levels of cloud service. There are possible approaches, however, such as | By their value-added nature, it is much harder to standardize interfaces at the higher levels of cloud service. There are possible approaches, however, such as | ||
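Review bot: The new opening sentence under "Linking PaaS and SaaS" leaves "more likely to provide business-to-business rather than user-to-service functionality" without a clear subject; it can attach either to IaaS interconnection or to interconnection at the higher levels. Say which one is meant. The statements about Enterprise Service Bus, Rearden Commerce and Ariba in the same paragraph carry no <ref>, unlike the VMware paragraph just above it, so a source should be added.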
Line 27: | Line 41: | ||
Security may be one of the first places for open standards in IaaS, PaaS, and SaaS. <ref>Mell and Grace, October 2009, p. 50</ref> | Security may be one of the first places for open standards in IaaS, PaaS, and SaaS. <ref>Mell and Grace, October 2009, p. 50</ref> | ||
==Security== | |||
Open interface possibilities include: | Open interface possibilities include: | ||
*Identity and Access Management (IAM) | *Identity and Access Management (IAM) |
Revision as of 18:53, 20 March 2010
Given that cloud computing is an abstraction of services, interconnected computing clouds, also called hybrid clouds, are a logical progression, abstracting multiple clouds.
As one moves up the abstraction hierarchy, from Infrastructure as a Service to Software as a Service, the interfaces involved become increasingly application-specific. In the medium term, cloud interconnection is likely to be vendor-driven, using proprietary interfaces.
Standards for interconnection
Peter Mell and Tim Grance of NIST observe that there is a need for standards, starting with IaaS, where many interfaces are proprietary but there is potential for openness:[1]
- Virtual machine (VM) image distribution (e.g., Desktop Management Forum (DTMF) Open Virtualization Format (OVF) [2])
- VM provisioning and control (e.g., the proprietary API to Amazon Elastic Compute Cloud)
- Inter-cloud VM exchange; interfaces are lacking here
- Persistent storage (e.g., Azure Storage, S3, EBS, GFS, Atmos)
- VM service level agreements (SLA); definitions are lacking for machine-readable uptime, resource guarantees, storage redundancy
- Secure VM configuration, such as Security Content Automation Protocol (SCAP)
VMware, the largest virtualization vendor, has offered its vCloud API to the Desktop Management Forum, which they say is responsive to open standards. An industry analyst, Chris Wolf of the Burton Group, said that making the API available without the infrastructure is marketing, not interoperability.[3]
Linking PaaS and SaaS
IaaS interconnection is conceptually easier than interconnection at higher levels of abstraction, which is more likely to provide business-to-business rather than user-to-service functionality. SaaS linkage is sometimes called Enterprise Service Bus. Vendors in this space, such as Rearden Commerce and Ariba, are brokers between customers and service providers; Rearden's product is an automated personal assistant that goes to approved service providers. Ariba offers "spend management" SaaS.
By their value-added nature, it is much harder to standardize interfaces at the higher levels of cloud service. There are possible approaches, however, such as:
- PaaS
  - Supported programming languages
  - APIs for cloud services
- SaaS
  - SaaS-specific authentication / authorization
  - Formats for data import and export (e.g., XML schemas)
  - Separate standards may be needed for each application space
Security may be one of the first places for open standards in IaaS, PaaS, and SaaS.[4]
Security
Open interface possibilities include:
- Identity and Access Management (IAM)
  - IdM federation (SAML, WS-Federation, Liberty ID-FF)
  - Strong authentication standards (HOTP, OCRA, TOTP)
  - Entitlement management (XACML)
- Data Encryption (at-rest, in-flight), Key Management
  - Public Key Infrastructure (PKI), PKCS, KEYPROV (CT-KIP, DSKPP), EKMI
- Records and Information Management (ISO 15489)
- Electronic legal discovery with the Electronic Discovery Reference Model (EDRM, http://www.edrm.net)
Citrix and Signacert are building a security system for cloud interconnection, using a whitelist repository of trust information.[5]
References
- ↑ Peter Mell, Tim Grance (7 October 2009), Effectively and Securely Using the Cloud Computing Paradigm, NIST Information Technology Laboratory, pp. 48-49
- ↑ Open Virtualization Format Specification, Desktop Management Forum, 2007
- ↑ Jon Brodkin (31 August 2009), "VMware cloud initiative raises vendor lock-in issue", Network World, p. 1, 19
- ↑ Mell and Grance, October 2009, p. 50
- ↑ "Citrix to Establish Virtual Infrastructure Security Validation in Collaboration with SignaCert", Business Wire, 9 September 2009